Operations | Monitoring | ITSM | DevOps | Cloud

AI speeds delivery but expands risk. Teams need context, verification, behavior detection, and learning to stay secure by default. Software delivery has been accelerating for more than a decade, and the arrival of AI has pushed us into an entirely new velocity class. Code generation, configuration scaffolding, infrastructure suggestions, remediation hints, and deployment decisions now involve AI. It participates in every stage of the delivery pipeline. On the surface, this feels like progress.

November was another big month for Harness AI, with new capabilities that deepen our work with AWS, bring AI-native automation to the database, and keep our model stack on the cutting edge across the SDLC.

A critical, unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-55182, has been discovered in React Server Components and Next.js with the maximum severity rating of 10.0. The article highlights that Traceable by Harness WAF provided immediate, proactive protection against this vulnerability class through multi-layered defenses like Server Side Template Injection (SSTI) and Node.js Injection attack rules, even before the CVE was officially disclosed.

This article examines how enterprises can eliminate configuration drift, strengthen security, and streamline Terraform and OpenTofu workflows through centralized variable management and secure provider distribution. It highlights how Harness IaCM’s Variable Sets and Provider Registry bring consistency, governance, and automation to IaC at scale while transforming how platform teams manage configuration, secrets, and custom integrations across every environment.

Database DevOps and migration systems solve different parts of the same workflow - one enables collaboration, governance, and automation while the other delivers structured, versioned schema execution. Using both eliminates release friction by aligning developers, DBAs, and CI/CD pipelines with full auditability and rollback safety. Harness converges these capabilities to make database changes seamless, compliant, and production-ready by design. Every developer knows this story.

Today, we’re excited to announce our expanded partnership with Amazon, bringing together the power of Amazon Kiro, Amazon Q Developer, and Harness SaaS on AWS to revolutionize how your team builds, troubleshoots, secures, and deploys software. This collaboration is designed to deliver a seamless, intelligent, and scalable software delivery experience for all AWS customers.

As organizations accelerate their AI-driven development, the need for trustworthy and transparent experimentation is greater than ever. Warehouse Native Experimentation keeps analysis where the data already lives, enabling teams to validate features with metrics and reliable SQL logic. The result is faster iteration with less risk, and decisions rooted in the same source of truth the business already trusts.

Harness makes software delivery in AWS faster, safer, and more delightful. Harness, the AI Platform for Everything After Code, offers CI/CD, infrastructure-as-code management, and cloud cost management capabilities tailored to the AWS environment. Harness has come a long way since its 2019 debut on the AWS Marketplace. Back then, over half of Harness customers were already running on AWS, and Harness focused on delivering Continuous Delivery as a Service for AWS applications.

Harness Database DevOps was born from a simple question - how can database delivery be as seamless and safe as application delivery? Through deep collaboration with design partners, open-source learnings, and relentless iteration, the team built a platform that unites developers, DBAs, and DevOps under a single, automated workflow. At its core, it’s a story of empathy-driven engineering - transforming database change management into a faster, more reliable, and collaborative experience.

Shai-Hulud 2.0 shows how quickly a compromised maintainer account can result in thousands of infected NPM packages and repositories within hours. Harness SCS provides end-to-end SBOM visibility, policy enforcement to block compromised NPM packages, and complete traceability to detect malicious components early and prevent them from entering your pipelines.