More than a decade after Kubernetes was introduced, and even as adoption of the container orchestrator has skyrocketed, a skills gap persists.

This is a big problem for enterprises that need K8s to scale. For Sebastian Kister, Kubernetes has become the public transport for compute.

“Kubernetes makes it possible to supply computing power automatically, at scale and, most of all, securely and reliably — which is not the case for many, many of the other technologies that we had before,” said Kister, product team lead of the container competence center, platforms and operations team at the car maker Audi and transformation consultant for other enterprises.

But that doesn’t mean Kubernetes has become easier to work with.

“The challenge is especially in the skillset of people using it,” he said. “The market makes it difficult to find truly senior people who have a deep understanding of Kubernetes.”

It all came to a head recently when one of his teams wanted to add 12 new clusters, and the site reliability engineering team responded: We need time to find and hire two more SREs.

With all the automation around Kubernetes in place, Kister was surprised by so many barriers to scaling. In the face of these perpetuating complexities, vulnerabilities and incidents, Kister looked toward AI.

Six months ago, Kister adopted the Kubiya agentic AI platform to support security responses that are, as he put it, “real-time, context-aware and continuously updated.” This adoption of agentic AI not only took an enterprise he works with from risk acceptance to active, intelligent remediation — it decreased team friction and stopped the blame game.

Agentic AI Aids Asymmetric Scaling

Like most companies of late, Kister’s platform engineering and operations teams felt urgent pressure to scale while facing shrinking budgets and rigid processes.

“We couldn’t hire fast enough, and educating junior talent at scale was too slow and unpredictable. The market made it nearly impossible to attract top-tier talent,” Kister said.

“We had to find another way — an asymmetric way to scale that didn’t rely on scarce resources.”

Kister aimed to leverage AI agents to get rid of toil and incident remediation, to free senior developers from operations tasks and all developers from focus drift. He looked to agentic AI platforms, where AI agents can be trained on special tasks to get rid of repetitive tasks and shift focus more on features, innovation and enablement of projects using the platform.

Building an Army of Very Specific AI Agents

The plan to leverage AI agents is not about deploying an AI agent for every use case.

It does not even follow the common platform engineering practice of covering use cases that affect 80% of engineers. Right now, Kister’s team is prioritizing AI agent use cases around runtime security, reliability and incident remediation that affect all engineering teams.

Kubiya has an “agentic native” internal developer platform for programmable agents that are configured to act as dedicated SRE AI agent soldiers for software development teams. There are 200 AI agent use cases out of the box but, like all platform engineering initiatives, organizations can build on top with custom agents for specific use cases.

Kubiya runs within this company’s Red Hat OpenShift clusters, scaling across its environments and integrating within its identity and access management (IAM) and role-based access control (RBAC) policies, with all the production-ready security and compliance guardrails in place.

“We have full visibility and control, and we trust these agents to do exactly what they’re supposed to — no more, no less,” Kister said.

Unlike other AI agent platforms that are still prone to hallucinations, Kubiya has added programmability and predictability controls, so even when a developer asks the AI agent to do something out of scope, it will limit the response to only the tool calls and permissions granted to it.

That scope is very specific to a policy or environment to which it has access. It is Open Policy Agent enforced, therefore working within on-premise or in air-gapped environments.

“It’s not a Software as a Service,” Kister said. “It’s your very special trained little Navy SEAL,  sitting there doing this one job every day, every night, 24/7.” It heavily contributes to enterprise resiliency, he added.

In addition, by relying on Kubiya’s in-house SREs to create an AI agentic workforce, some of his clients’ platform teams were able to scale the technology without adding another training — or “an enormous team,” as he put it — to learn these nascent skills.

Kubiya has a full-stack AI platform that allows organizations to build on top of or bring their own AI agents for production-ready use cases. It also offers an enterprise version that includes on-premise deployments, a choice of large language models, and service assistance, which Kister’s team leaned on to avoid adding another skills gap.

“I bought an AI ‘platform engineer’ to deploy agentic workflows in a production-grade environment,” he said. “Then, as the requirements expand, we can take leverage of this asymmetric way to scale our workforce into new areas of the business.”

“Right now, as I don’t have the people or the knowledge to scale horizontally, I use their repository of pre-built AI agents to augment my teams’ efforts in running operations without needing to think twice about it.”

Measuring the Success of an AI Agent Platform

An engineering strategy is only as good as it is measured to be.

Before Kubiya, common vulnerabilities and exposures (CVEs) would sit in Jira, Kister said, treated like routine tasks — although they are anything but that.

“That backlog delayed responses and exposed risks,” he said. “With Kubiya, we automated mission-critical operations — on-call handling, real-time remediation and operational deflection — freeing our top developers from context overload so they can focus on innovation.”

In just six months, security at scale is proven:

• Mean time to resolution (MTTR) dropped from eight hours to 30 minutes.
• Weekly resolution time went from 64 hours to four.
• Incidents reduced by 80%, due to proactive, AI-powered troubleshooting.
• Repetitive requests for engineers dropped by 80%.
• Annual run-rate for cloud infrastructure costs dropped by 20%, by identifying failed deployments running unnecessarily.
• Compliance audits and security checks now take half the time to generate.

The project doubled the team’s value proposition, Kister said, because the cost of tooling increased by only 10%, all managed by his small, focused team.

AI Agents Help Developers Communicate

Kubiya didn’t just remove some of the biggest technical frustrations. It removed a lot of the interpersonal ones, too.

“This little agent talks to your junior developer and it can provide insights, and we got rid of finger pointing,” Kister said, because if something doesn’t meet standards, the platform won’t allow it to be deployed, and the developer knows exactly why.

Developers simply have a conversation with the AI agent, asking: What happened here? What’s your advice? In the future, he said, his team will test making remediation more automated, too.

Now, “80% of troubleshooting is just off the table because it’s instantly clear through the AI, through the little agent that sits there,” he said. “You ask it, what happened here? And it’s like: Do you have a root cause for that? Yes, and it tells you the root cause and you just know what happened.”

Many of these core developer productivity metrics are conduits for cost because it reduces engineering hours spent on the frustration of finding what went wrong and reallocating that time to creating new features faster.

With Kubiya’s new AI agent platform, Kister’s team — and its internal developer customers — unlock visibility, scale builds asymmetrically, and truly do more with less. Or, better put: Do more with exactly the team he has.

The post Agentic AI and Platform Engineering: How They Can Combine  appeared first on The New Stack.

If you know where to look, exposed secrets are easy to find. Secrets are supposed to prevent unauthorized access, but in the wrong hands, they can be—and typically are—exploited in seconds.

To give you an idea of the scope of the problem, more than 39 million secrets were leaked across GitHub in 2024 alone.¹ Every minute GitHub blocks several secrets with push protection.² Still, secret leaks remain one of the most common—and preventable—causes of security incidents. As we develop code faster than ever previously imaginable, we’re leaking secrets faster than ever, too.

That’s why, at GitHub, we’re working to prevent breaches caused by leaked tokens, credentials, and other secrets–making protection against secret exposures accurate, built-in, and accessible to every developer.

Today, we’re launching the next evolution of GitHub Advanced Security, aligning with our ongoing mission to keep your secrets…secret.

• Secret Protection and Code Security, now available as standalone products
• Advanced Security for GitHub Team organizations
• A free, organization-wide secret scan to help teams identify and reduce exposure.³

Here’s how secrets leak, what we’re doing to stop it, and what you can do to protect your code. Let’s jump in.

How do secret leaks happen?

Most software today depends on secrets—credentials, API keys, tokens—that developers handle dozens of times a day. These secrets are often accidentally exposed, which makes sense. Less intuitively, a large number of breaches come from well-meaning developers who purposely expose a secret. Developers also often underestimate the risk of private exposures, committing, sharing, or storing these secrets in ways that feel convenient in the moment, but which introduce risk over time.

Unfortunately, these seemingly innocuous secret exposures are small threads to pull for an attacker looking to unravel a whole system. Bad actors are extremely skilled at using a foothold provided by “low risk” secrets for lateral movement to higher-value assets. Even without the risk of insider threats, persisting any secret in git history (or elsewhere) makes us vulnerable to future mistakes. Research shows that accidental mistakes (like inadvertently making a repository public) were higher in 2024 than ever before.

If you’re interested in learning more about secret leaks and how to protect yourself, check out this great video from my colleague Chris Reddington:

What is GitHub doing about it?

We care deeply about protecting the developer community from the risk of exposed secrets. A few years ago, we formally launched our industry partnership program, which has now grown to hundreds of token issuers like AWS, Google Cloud Platform, Meta, and OpenAI—all fully committed to protecting the developer community from leaked secrets.

Last year, we rolled out push protection by default for public repositories, which has since blocked millions of secrets for the open source community.

And finally, as of today, we’re rolling out additional changes to our feature availability, aligning with our ongoing goal to help organizations of all sizes protect themselves from the risk of exposed secrets: a new point-in-time scan, free for organizations; a new pricing plan, to make our paid security tooling more affordable; and the release of Secret Protection and Code Security to GitHub Team plans.

What you can do to protect yourself from exposed secrets

The easiest way to protect yourself from leaked secrets is not to have any in the first place. Push protection, our built-in solution, is the simplest way to block secrets from accidental exposure. It leverages the same detectors that we created through our partnership program with cloud providers, ensuring secrets are caught quickly and accurately with the lowest rate of false positives possible.

Studies have shown that GitHub Secret Protection is the only secret scanning tool—proprietary or open source—that can claim an over one in two true positive rate across all findings⁴. GitHub received a precision score of 75% (compared to the next best, 46% precision). Compared to alternatives like open source scanning solutions, it’s not that GitHub is finding fewer secrets, it’s that we’re finding real ones, so that you can spend your time worrying less about false positives, and more about what matters–shipping.

Long-lived credentials are some of the most common and dangerous types of secrets to leak, as they often persist unnoticed for months–or years–and give bad actors extended access. That’s why managing secrets through their full lifecycle is critical.

Beyond push protection, you can protect yourself from leaks by following security best practices to ensure secrets are securely managed from creation to revocation:

• Creation: follow the principle of least privilege and make sure secrets are securely generated.
• Rotation: outside of user credentials, secrets should be regularly rotated.
• Revocation: restrict access when no longer needed–or when compromised.

Throughout the lifecycle of a secret, you should eliminate human interaction and automate secret management whenever possible.

In addition, you should adopt a continuous monitoring solution for detecting exposures, so you can react quickly. Like push protection, GitHub’s built-in solution for secret scanning is the simplest way to triage previously leaked secrets.

Starting today, investing in GitHub’s built-in security tooling is more affordable and in reach for many teams with the release of GitHub Secret Protection (free for public repositories), in addition to a new point-in-time scan (free for all organization repositories), which can be run periodically to check for exposed secrets.

Learn more about deploying and managing secret protection at scale:

GitHub Secret Protection and GitHub Code Security

As of today, our security products are available to purchase as standalone products for enterprises, enabling development teams to scale security quickly. Previously, investing in secret scanning and push protection required purchasing a larger suite of security tools, which made fully investing unaffordable for many organizations. This change ensures scalable security with Secret Protection and Code Security is no longer out of reach for many organizations.

In addition, as of today, our standalone security products are also available as add-ons for GitHub Team organizations. Previously, smaller development teams were unable to purchase our security features without upgrading to GitHub Enterprise. This change ensures our security products remain affordable, accessible, and easy to deploy for organizations of all sizes.

Have your secrets been exposed? Try our new public preview

Understanding whether you have existing exposed secrets is a critical step. Starting today, you can run a secret risk assessment for your organization.

The secret risk assessment is a point-in-time scan leveraging our scanning engine for organizations, covering all repositories–public, private, internal, and even archived–and can be run without purchase. The point-in-time scan provides clear insights into the exposure of your secrets across your organization, along with actionable steps to strengthen your security and protect your code. In order to lower barriers for organizations to use and benefit from the feature, no specific secrets are stored or shared.

The public preview is releasing today for organizations across GitHub Team and Enterprise plans to try. It’s still quite early, so we’d love to hear your feedback, like whether additional guidance on next steps would be helpful, or whether this is something you’d leverage outside of Team and Enterprise plans.

If you have feedback or questions, please do join the discussion in GitHub Community–we’re listening.

Notes

The post GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help appeared first on The GitHub Blog.

We’re happy to announce the general availability (GA) of the permanent delete APIs for contacts, messages, and events as well as for contact folders, mail folders, and calendars.

This set of APIs is one of several we’re releasing in the coming months to fill gaps in the Microsoft Graph API to facilitate the transition away from Exchange Web Services (EWS).

The following APIs are now GA and available in the v1.0 endpoint:

• Permanent delete for mail message and mail folder
• Permanent delete for event and calendar
• Permanent delete for contact and contact folder

We’re filling gaps in the Microsoft Graph API at an accelerated pace ahead of the retirement of EWS In October 2026. We’ve already unblocked many scenarios and are working hard to achieve parity.

In the meantime, we recommend that you start your migration in advance of the October date to ensure sufficient time to address any issues with the Microsoft Graph APIs before EWS is officially retired.

We’d love to hear your feedback! If you have any suggestions, questions, or issues to report, please leave a comment on this post. Stay tuned for more API updates in the coming months.

The post Microsoft Graph APIs for permanent deletion of mailbox items now available appeared first on Microsoft 365 Developer Blog.

There are an almost uncountable number of Windows 11 "tweak"-type utilities out there. But Wintoys is one of the better ones.

The post Tip: Use Wintoys to Customize Windows 11 appeared first on Thurrott.com.

\ Welcome back, AI enthusiasts! Today, we’re exploring Google’s new Gemma 3 AI — a powerful open-source model designed to operate on a single GPU. If you’re here because you’ve heard the hype about Gemma 3 being the “most powerful model you can use on one GPU,” you’re in the right place.

About Gemma 3

What is Google Gemma 3?

Think of Gemma 3 as Google’s answer to GPT-style models, but it’s open and optimized to run anywhere — your laptop, a single server, or even a high-end phone! It’s the latest in Google’s Gemma family of AI models. Google took the same core tech that powers their gigantic Gemini models and distilled it into Gemma 3. The result: a set of models you can actually download and run yourself. Gemma 3 is all about accessibility without sacrificing performance. In fact, the largest Gemma 3 model, with 27 billion parameters, ranks among the top open AI models in quality.

\

\

Understanding Gemma 3 Models

Gemma 3 comes in four sizes — 1B, 4B, 12B, and 27B (that’s “B” for billion parameters). The bigger, the smarter, generally. But even the 4B or 12B can handle a lot. It’s multilingual (140+ languages out of the box) and even multimodal, meaning it can understand images combined with text. We’ve only seen this in very advanced models like GPT-4. Plus, Gemma 3 has an expanded memory — a 128,000 token context window — basically, it can read and remember extremely long documents or conversations. For perspective, that’s over 100 pages of text in one go!

\ Google made Gemma 3 open for developers. You can download the model weights for free and run them locally or call Gemma 3 through an API. There is no need to pay per prompt if you host it yourself. It’s licensed for commercial use with some responsible AI guidelines, so you could potentially build it into a product. This open-model approach is similar to Meta’s LLaMA 2, but Google’s taken it further with multimodal and high efficiency.

\ You can use your favorite tools, such as Hugging Face Transformers, Ollama, PyTorch, Google AI Edge, UnSloth, vLLM, etc. In this tutorial, I’ll show you how to use it via Hugging Face. At the end of my tutorial, we’ll have a web application similar to ChatGPT that we will run locally.

Gemma 3’s Key Features

\

• Small but Strong. Gemma 3 is powerful; even the big 27B model can run on one GPU. It’s faster and smaller than many other AIs.
• It Reads Long Texts. It can read and understand very long documents, such as books or contracts, all at once.
• Understands Pictures and Text. You can show it an image and ask questions. It knows how to look at pictures and give competent answers.
• Speaks 140+ Languages. Gemma works in many languages — like Spanish, French, Japanese, and more.
• Gives Clean Data. It can reply in formats like JSON, so developers can use the answers in apps easily.
• Runs on Smaller Devices. Smaller versions are available, so you can run it on laptops with less memory.
• Built-in Safety. Google added ShieldGemma 2 tools to help keep it safe and block harmful content.

Minimum Requirements to Run Gemma 3 Locally

If you want to run Gemma 3 locally on your computer, ensure your device meets the minimum requirements.

\

\

How to Access Gemma 3

There are multiple ways how you can work with this model. In this tutorial, I’ll show you three ways:

• Google AI Studio
• Hugging Face
• Google APIs

How to Use Gemma 3 in Google AI Studio

• Open this link in your browser: https://aistudio.google.com/

• You’ll need a Google account to use AI Studio.

• Click “Create Prompt”.

• In the Model Settings, select Gemma 3 (you may see options like “Gemma 27B”, “Gemma 4B”, etc.).

• Type anything you want Gemma to help with — like writing, coding, or asking questions.

• Click the “Run” button to get a response from Gemma 3.

  \

  

\

How to Use Gemma 3 with Hugging Face Transformers (Python)

If you’re comfortable with Python, this is straightforward. Hugging Face has the Gemma 3 models on their hub. All you do is install transformers library, and then download the model. I won’t explain all the steps in detail, but you can read my full tutorial about Hugging Face,

\ Before we start, you would need:

• Install IDE like VScode
• Install Python language
• \

Then follow these steps:

• Open https://huggingface.co and create an account there.

• Click the “Models” link in the top nav and filter the result by typing “Gemma” and selecting one of Google’s models from the list.

  \

  

\

• Select the desired model, e.g., https://huggingface.co/google/gemma-3-4b-it, and accept the license agreement.

  \

  

\ Then open your terminal and paste these commands one by one:

python3 -m venv venv  
source venv/bin/activate  
pip install transformers datasets evaluate accelerate  
pip install torch

\ Then open your IDE and create a new file, e.g., main.py, with the following code:

from transformers import pipeline  
import torch  

pipe = pipeline(  
    "image-text-to-text",  
    model="google/gemma-3-4b-it",  
    device="cpu",  
    torch_dtype=torch.bfloat16  
)  

messages = [  
    {  
        "role": "system",  
        "content": [{"type": "text", "text": "You are a helpful assistant."}]  
    },  
    {  
        "role": "user",  
        "content": [  
            {"type": "image", "url": "https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/p-blog/candy.JPG"},  
            {"type": "text", "text": "What animal is on the candy?"}  
        ]  
    }  
]  

output = pipe(text=messages, max_new_tokens=200)  
print(output[0]["generated_text"][-1]["content"])

\ Run the python code by using this command:

python3 main.py

\ In this example, we asked Gemma to look at the image from the URL and identify the animal on the candy. We used the Gemma 3–4B model and the device — CPU.

\ The complete code with other examples you can find on my Git repo — Gemma 3

How to Use Gemma 3 via Google’s API

As in the Hugging Face example, before we start, you would need:

• Install IDE like VScode
• Install Python language

\ Then follow these steps:

• Open https://aistudio.google.com/ and create a Google account if you don’t have one.
• Then click on the “Get API key” button. On this page, you need to generate an API key. We will need it to connect to Google Cloud API.

\

Then open your terminal and paste these commands one by one:

\

pip install google-generativeai  
pip install google-genai

\ Then open your IDE and create a new file, e.g., google-cloud-api-terminal.py, with the following code:

\

import google.generativeai as genai  

# Configure the API key  
genai.configure(api_key="[REPLACE-THIS-TEXT-WITH-YOUR-API-KEY]")  

# Initialize the GenerativeModel with the model name as a positional argument  
model = genai.GenerativeModel("gemma-3-27b-it")  

# Generate content  
response = model.generate_content("What is the latest version of iphone?")  

# Print the generated text  
print(response.text)

\ This example used a 27-billion parameters model and a simple text prompt.

\ The complete code with other examples you can find on my Git repo — Gemma 3

A Simple Web Application Similar To ChatGPT that Using Gemma 3

So, let’s collect everything together and create a simple web application that we can run locally on your computer. In this example, I’ll be using Google Cloud API but you can use Hugging Face and download the model on your computer.

\ We are going to use the chainlit library. Chainlit is an open-source Python package to build production-ready Conversational AI.

\ Before we start, you would need:

• Install IDE like VScode

• Install Python language

• Google’s API key from Google AI studio (look at the previous section).

  \

Then open your terminal and paste these commands one by one:

\

pip install google-generativeai  
pip install google-genai  
pip install chainlit

\

import chainlit as cl  
import google.generativeai as genai  

# Configure the Generative AI client  
genai.configure(api_key="[REPLACE-THIS-TEXT-WITH-YOUR-API-KEY]")  

# Initialize the GenerativeModel  
model = genai.GenerativeModel("gemma-3-27b-it")  

@cl.on_message  
async def handle_message(message: cl.Message):  
    # Generate content based on the user's input  
    response = model.generate_content(contents=[message.content])  
    reply = response.text  
    # Send the generated response back to the user  
    await cl.Message(content=reply).send()

\ Run the Python code by using this command:

chainlit run google-cloud-web-interface.py

\ If everything is ok, you will see your web application at http://localhost:8000/

\

\

Video Tutorial

I have a video tutorial that explains everything in detail. You can find it on YouTube.

\ Watch on YouTube: Gemma 3 Full Guide

\ https://youtu.be/_IzgKu0xnmg?si=P0lDT81zxmJg6Gp9&embedable=true

Conclusion

In conclusion, Google Gemma 3 is a highly capable AI you can run locally and customize yourself. Whether you’re a developer refining it for a custom app or an enthusiast exploring AI on your PC, Gemma 3 offers immense possibilities.

\ If you found this tutorial helpful, give it a thumbs up and subscribe for more cutting-edge AI content. If you have questions or did something cool with Gemma 3, I’d love to hear about it.

\ Thanks for reading, and until next time, happy coding! 👋

\ Cheers! ;)