
GitLab is rolling out AI agents designed to take the pain out of the tedious, manual work that slows down security and DevSecOps teams. The goal? To help developers focus on what really matters instead of drowning in noise.
Let’s be honest - the challenge with today’s software delivery isn’t a lack of tools. It’s that there are too many. Dev teams are buried under alerts, reports, and dashboards. Security platforms flag thousands of vulnerabilities, but only a handful are truly critical. The result is chaos: constant context switching, endless planning meetings, security checks, and code reviews. Developers spend more time managing tasks than actually building things.
This nonstop juggling drains productivity and exposes businesses to risk. GitLab’s new 18.5 release wants to change that. Instead of adding yet another dashboard or checklist, GitLab is making the process smarter, using AI to cut through the noise, surface what’s truly important, and automate the rest. It’s not about more tools. It’s about better focus.

From AI Chat to Automated Work: GitLab’s Duo Agent Platform Is Redefining DevSecOps

GitLab is taking a major step forward with its Duo Agent Platform, moving beyond simple AI chat to fully automated DevSecOps team members. These AI agents aren’t just assistants; they act like virtual teammates that handle the repetitive, manual work that slows down developers, security engineers, and project managers.

Smarter Security with the Duo Security Analyst Agent

For security teams, GitLab’s Security Analyst Agent turns traditional vulnerability management into a smart, automated process. Instead of just identifying issues, it takes things further - running the right tools, enforcing security policies, and applying fixes based on context. Think of it as a proactive teammate that looks at real threats, filters out the noise, and handles the grunt work - all while staying compliant with your organization’s rules. The result: faster vulnerability management, fewer manual checks, and a lot less firefighting.

A Planning Partner for Product Managers

On the project management side, the GitLab Duo Planner is tackling one of the biggest pain points for product managers - planning overload.
This agent understands your project’s structure, agile workflows, and backlog history. Instead of spending hours digging through outdated tickets, a manager can simply ask:
“Which backlog items are outdated, and what should I prioritize next?”
The Duo Planner then summarizes, identifies duplicates, and recommends what to focus on based on milestones, labels, and priorities. It’s like having an extra set of eyes that keeps your roadmap clean and your focus sharp.

Built Into Your Workflow

The new GitLab Duo interface introduces a panel layout that keeps the AI assistant, Duo Chat, visible at all times. This means the agent is now an active part of your workflow, not a separate chat window you forget to use. For now, the updated UI is off by default in version 18.5, giving teams time to adapt. But GitLab plans to make it the default in 18.6, signaling a strong shift toward AI-driven workflows.

What Companies Should Know

A few key details stand out in this release:


  • Read-Only (For Now): The Duo Planner currently operates in read-only mode - it can analyze and suggest, but it can’t yet make changes. That means automation is still partly human-guided, ensuring control and oversight in critical processes.
  • Data Security Comes First: For industries with strict data privacy requirements, GitLab has introduced a self-hosted version of the Duo Agent Platform (now in beta). This allows organizations to run AI agents within their own infrastructure, keeping sensitive data protected while still benefiting from automation.
  • AI Integration Made Simple: GitLab also knows that teams use different AI tools. The Extensible Agent Catalog bridges that gap by integrating popular platforms like Claude, OpenAI Codex, Google Gemini CLI, and Amazon Q Developer. It even supports enterprise ecosystems like Google Vertex AI and AWS Bedrock, so teams can bring their favorite AI stack directly into GitLab.

The Bottom Line

GitLab’s Duo Agent Platform is more than another AI feature drop; it's a strategic move toward true intelligent automation in DevSecOps. By embedding AI into daily workflows, GitLab is helping teams cut through chaos, reduce busywork, and focus on what really drives innovation.
The message is clear: the future of software delivery isn’t just about adding more tools, it's about making the ones we already have work smarter.

AI’s Role in Helping DevSecOps Teams Focus on Real Threats

GitLab’s 18.5 release takes a big step forward in bringing more intelligence, not just automation, into the DevSecOps process. While the spotlight is on its new AI agents, this update also delivers smarter security tools designed to help teams focus on what truly matters: the vulnerabilities that actually pose a threat.

Smarter Security, Not Just More Alerts

Security teams have long struggled with endless vulnerability lists - many of which never lead to real-world exploits. GitLab’s latest features aim to change that. One of the biggest additions, Static Reachability Analysis, helps teams determine whether a piece of vulnerable code is actually used in the application. Instead of flagging every issue in every dependency, it pinpoints the ones that can truly be exploited - saving teams from chasing false alarms.
Similarly, the new Secret Validity Checks go beyond simply finding exposed credentials. They verify whether a secret is still active or has already been rotated or revoked, helping teams focus on current risks instead of historical leftovers.

More Speed, Less Distraction for Developers

This focus on efficiency extends to the development process itself. With diff-based SAST scanning, GitLab now analyzes only the parts of the code that have changed, rather than rescanning entire repositories. The result? Faster scans, faster feedback, and fewer interruptions, so developers can stay focused on shipping quality code without getting bogged down by unnecessary rechecks.

The Takeaway

GitLab 18.5 isn’t just another update - it’s a clear sign of where DevSecOps is headed. AI isn’t here to replace teams; it’s here to help them focus on what really matters: securing what’s truly vulnerable, working faster, and building better software with confidence.
