Contemporary DevSecOps pipelines have to deal with the evolution of security in an ever-continuously integrated and deployed environment. Existing methods,such as rule-based intrusion detection and static vulnerability scanning, are inadequate and unreceptive to changes in the system, causing longer response times and organization needs exposure to emerging attack vectors. In light of the previous constraints, we introduce AutoGuard to the DevSecOps ecosystem, a reinforcement learning (RL)-powered self-healing security framework built to pre-emptively protect DevSecOps environments. AutoGuard is a self-securing security environment that continuously observes pipeline activities for potential anomalies while preemptively remediating the environment. The model observes and reacts based on a policy that is continually learned dynamically over time. The RL agent improves each action over time through reward-based learning aimed at improving the agent's ability to prevent, detect and respond to a security incident in real-time. Testing using simulated ContinuousIntegration / Continuous Deployment (CI/CD) environments showed AutoGuard to successfully improve threat detection accuracy by 22%, reduce mean time torecovery (MTTR) for incidents by 38% and increase overall resilience to incidents as compared to traditional methods. Keywords- DevSecOps, Reinforcement Learning, Self- Healing Security, Continuous Integration, Automated Threat Mitigation

Recent advancements in large language models (LLMs) have shown very impressive capabilities in code generation across many programming languages. However, even state-of-the-art LLMs generate programs that contains syntactic errors and fail to complete the given tasks, especially for low-resource programming languages (LRPLs). In addition, high training cost makes finetuning LLMs unaffordable with constrained computational resources, further undermining the effectiveness of LLMs for code generation. In this work, we propose SLMFix, a novel code generation pipeline that leverages a small language model (SLM) finetuned using reinforcement learning (RL) techniques to fix syntactic errors in LLM-generated programs to improve the quality of LLM-generated programs for domain-specific languages (DSLs). In specific, we applied RL on the SLM for the program repair task using a reward calculated using both a static validator and a static semantic similarity metric. Our experimental results demonstrate the effectiveness and generalizability of our approach across multiple DSLs, achieving more than 95% pass rate on the static validator. Notably, SLMFix brings substantial improvement to the base model and outperforms supervised finetuning approach even for 7B models on a LRPL, showing the potential of our approach as an alternative to traditional finetuning approaches.

Professional sports teams pour millions of dollars into data analytics, using advanced tracking systems to study every sprint, pass, and decision on the field. The results of that analysis, however, are industry secrets, making many sports difficult for researchers to study. Now, two University of Waterloo researchers, Dr. David Radke and Kyle Tilbury, are using AI to level the playing field. By tapping into Google Research Football's reinforcement learning environment, the researchers developed a system that can simulate and record unlimited soccer matches. To get things started, they generated and saved data from 3,000 simulated soccer games, resulting in a rich and complex dataset of passes, goals, and player movements for researchers to study.

LLMs show promise in code generation, yet their effectiveness for IT automation tasks, particularly for tools like Ansible, remains understudied. Existing benchmarks rely primarily on synthetic tasks that fail to capture the needs of practitioners who use IT automation tools, such as Ansible. We present ITAB (IT Automation Task Benchmark), a benchmark of 126 diverse tasks (e.g., configuring servers, managing files) where each task accounts for state reconciliation: a property unique to IT automation tools. ITAB evaluates LLMs' ability to generate functional Ansible automation scripts via dynamic execution in controlled environments. We evaluate 14 open-source LLMs, none of which accomplish pass@10 at a rate beyond 12%. To explain these low scores, we analyze 1,411 execution failures across the evaluated LLMs and identify two main categories of prevalent semantic errors: failures in state reconciliation related reasoning (44.87% combined from variable (11.43%), host (11.84%), path(11.63%), and template (9.97%) issues) and deficiencies in module-specific execution knowledge (24.37% combined from Attribute and parameter (14.44%) and module (9.93%) errors). Our findings reveal key limitations in open-source LLMs' ability to track state changes and apply specialized module knowledge, indicating that reliable IT automation will require major advances in state reasoning and domain-specific execution understanding.

Articles about AI in the media are often accompanied by images of blue brains, white robots, and flying maths, sometimes only tangentially related to the content being reported. Due to these poor image choices, communications from media sources and marketing materials risk misinforming or misleading the public about how AI works and the impact it can have. However, finding images that better represent the research and technologies is difficult. A recent project has focussed on providing people with the sources and knowledge necessary to create their own images. The Archival Images of AI project has been exploring how existing images – especially those from digital heritage collections – can be remixed and reused to create new images, particularly to represent AI in more compelling ways.

While these prognostications may prove true, today's businesses are finding major hurdles when they seek to graduate from pilots and experiments to enterprise-wide AI deployment. Just 5.4% of US businesses, for example, were using AI to produce a product or service in 2024. Moving from initial forays into AI use, such as code generation and customer service, to firm-wide integration depends on strategic and organizational transitions in infrastructure, data governance, and supplier ecosystems. As well, organizations must weigh uncertainties about developments in AI performance and how to measure return on investment. If organizations seek to scale AI across the business in coming years, however, now is the time to act.

The recent improvement in code generation capabilities due to the use of large language models has mainly benefited general purpose programming languages. Domain specific languages, such as the ones used for IT Automation, have received far less attention, despite involving many active developers and being an essential component of modern cloud platforms. This work focuses on the generation of Ansible-YAML, a widely used markup language for IT Automation. We present Ansible Wisdom, a natural-language to Ansible-YAML code generation tool, aimed at improving IT automation productivity. Ansible Wisdom is a transformer-based model, extended by training with a new dataset containing Ansible-YAML. We also develop two novel performance metrics for YAML and Ansible to capture the specific characteristics of this domain. Results show that Ansible Wisdom can accurately generate Ansible script from natural language prompts with performance comparable or better than existing state of the art code generation models. In few-shot settings we asses the impact of training with Ansible, YAML data and compare with different baselines including Codex-Davinci-002. We also show that after finetuning, our Ansible specific model (BLEU: 66.67) can outperform a much larger Codex-Davinci-002 (BLEU: 50.4) model, which was evaluated in few shot settings.

As the contract lifecycle management company Ironclad is today releasing its AI redlining tool AI Assist out of beta, is has revealed that the tool is powered by OpenAI's GPT-4, making it what Ironclad says is the first contract redlining application powered by the latest version of Open AI's generative AI. "The results with AI Assist have been beyond what we could even have imagined," said Ironclad CEO and co-founder, Jason Boehmig. "An initial pass at contract redlining usually takes about 40 minutes. Already, some large enterprises are using Ironclad AI to review over 50% of their incoming contracts, so the compounding business impact there is unprecedented." Although Ironclad says that this is the first redlining tool to use GPT-4, Casetext's CoCounsel, which is built on GPT-4, has capabilities for checking contract policy compliance and suggesting redlines to bring contracts into compliance. It should also be noted that there are other contract redlining tools on the market that use AI, but not GPT-4.

When, late last year, the editor asked me and other Observer writers what we thought 2023 would be like, my response was that it would be more like 1993 than any other year in recent history. Why? Simply this: 1993 was the year that Mosaic, the first modern web browser, launched and all of a sudden the non-technical world understood what this strange "internet" thing was for. This was despite the fact that the network had been switched on a whole decade earlier, during which time the world seemed almost entirely unaware of it; as a species, we seem to be slow on the uptake. Much the same would happen in 2023, I thought, with ChatGPT. Machine-learning technology, misleadingly rebranded as artificial intelligence (AI), has been around for eons, but for the most part, only geeks were interested in it.

Summary: The batch size governs the training speed and shouldn't be used to directly tune the validation set performance. Often, the ideal batch size will be the largest batch size supported by the available hardware.