Operations | Monitoring | ITSM | DevOps | Cloud

Shai-Hulud is back - this time being lighter, faster and more automated than before. This new wave, termed as Mini Shai-Hulud, has affected a number of packages from tanstack, uipath, opensearch-project and mistralai among others over the past few weeks, with the latest series of major compromises coming on 19th May, 2026 on major organizations openclaw-cn and antv. Check an extensive list of affected packages here.

If you are a software developer or engineer, you most likely have to do code review. At the bare minimum, you probably have had your pull requests reviewed. If you haven’t, then you are probably curious about how the rest of the world deals with the process. In general, we use code review to make sure we are shipping high quality code that does what it’s supposed to and is easy to maintain. That’s the goal, at least. In practice, code review can get messy.

We recently announced the Limited Availability (LA) launch of Aiven Apps, which lets teams define, run, and scale production-ready, real-time applications using container and Compose-based workflows they already know. It provides a managed, stateless runtime that runs directly inside your data perimeter, letting you deploy applications alongside open-source data services like PostgreSQL and Apache Kafka.

Kosli recently released kosli evaluate trail, a command that evaluates selected attestations in a Kosli trail against a Rego policy file. We used it to build a complete and useful solution for tracking Snyk container vulnerabilities for cyber-dojo (an open-sourced browser based online tool for practising TDD which Kosli uses for demos). You’ll read about what we built, why we built it, how we tested it, and specifically.

Claude Mythos may be wrapped in hype, but the core signal is real: AI is making vulnerability discovery much faster, which means defenders have less time than ever to patch and enforce secure configurations. The real risk isn’t just smarter models, it’s that security teams will face a flood of new findings while the window between disclosure and exploitation keeps shrinking.

There's a conversation I keep having with our design partners at incident.io. It starts when I ask "what are you doing with AI internally?" and lands in a similar place every time. The shape of how their engineering teams work is changing fast. Not in vague "AI is transforming everything" ways, but in concrete, repeatable patterns. Different companies are building the same things. The frontier teams are six to twelve months ahead of the average, and they're describing the same future.

AI observability covers performance, quality, reliability, safety, and cost. Most tools handle the first four. Here's what each pillar means, which tools cover which, and why cost is the dimension enterprises keep missing.