GitLab has released GitLab 18.11, expanding agentic AI across the entire software lifecycle with security remediation, pipeline configuration, and delivery analytics.
AI-generated code moves faster than the systems around it can keep up with, creating the AI paradox: faster code generation without faster delivery, security, or operations to match. As code volume grows, so does the backlog of pipelines to configure, security findings to remediate, and delivery questions to answer. GitLab 18.11 helps address those gaps with platform-native agents that have access to the code, pipelines, issues, and security findings already in GitLab.
Agentic SAST Vulnerability Resolution is now generally available for GitLab Ultimate customers using GitLab Duo Agent Platform. According to GitLab’s 2025 DevSecOps Report, developers spend 11 hours per month remediating vulnerabilities after release, fixing issues that are already exploitable in production.
When a SAST scan completes, the agent analyzes confirmed true positives, generates a code fix designed to address the root cause, and opens a ready-to-merge request with a confidence score enabling developers to act without context switching and close vulnerabilities before they reach production.
New prebuilt agents for CI and analytics
For many teams, standing up a first pipeline can be a significant adoption barrier. Teams that want to know how long MRs sit in review or which pipelines are slowing them down have to file a dashboard request or learn a query language. GitLab 18.11 ships two new foundational agents for GitLab Duo Agent Platform that help address both gaps.
The CI Expert Agent, now in beta, inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline in natural language, targeting a running pipeline in minutes, with no YAML written manually.
The Data Analyst Agent, now generally available, answers natural-language questions with fast visual answers about the live software lifecycle data, covering merge request cycle times, pipeline health, deployment frequency, and more. It is available to Free, Premium, and Ultimate tier customers, with GitLab Duo Agent Platform enabled.
Usage controls give organizations predictable AI spend
New subscription-level and per-user spending caps for GitLab Credits give organizations direct control over on-demand AI spend. Subscription-level caps let billing account managers configure a monthly limit with enforcement controls, while per-user caps ensure no single user exhausts the pool.
These controls enable enterprises to deploy GitLab Duo Agent Platform at scale with cost predictability. The GitLab Credits dashboard and Customers Portal give administrators visibility into usage and cap status.
“Much of the AI investment in software development has focused on writing code faster. The bigger opportunity is what comes next,” said Manav Khurana, chief product and marketing officer at GitLab. “Agents are only as effective as the context they can access. GitLab 18.11 extends our agents deeper into security, pipelines, and delivery analytics, where that context already lives. That’s how GitLab is defining the future of software engineering in the AI era.”
