GitLab Inc. (NASDAQ: GTLB) released version 18.11 of its DevSecOps platform, introducing AI agents that automatically generate security vulnerability fixes and set up CI pipelines.

The company made its Agentic SAST Vulnerability Resolution feature generally available for Ultimate customers. The agent analyzes confirmed security vulnerabilities from static application security testing scans and generates code fixes designed to address root causes. It then creates merge requests with confidence scores for developers to review.

GitLab added two new agents to its Duo Agent Platform. The CI Expert Agent, currently in beta, examines repositories to identify programming languages and frameworks, then proposes build-and-test pipelines without requiring manual YAML configuration. The Data Analyst Agent, now generally available, provides visual answers to natural language questions about software delivery metrics including merge request cycle times and pipeline performance.

The platform introduced spending controls for GitLab Credits, the company's AI usage currency. Organizations can now set monthly spending caps at the subscription level and per-user limits to manage AI-related costs. These controls are available through the GitLab Credits dashboard and customer portal.

"Agents are only as effective as the context they can access," said Manav Khurana, chief product and marketing officer at GitLab. "GitLab 18.11 extends our agents deeper into security, pipelines, and delivery analytics, where that context already lives."

The new features are available across GitLab.com, self-managed, and dedicated deployments. The Data Analyst Agent is accessible to Free, Premium, and Ultimate tier customers with GitLab Duo Agent Platform enabled, while other features require specific subscription levels.

According to GitLab's 2025 DevSecOps Report, developers spend 11 hours monthly fixing vulnerabilities after software release. The company serves more than 50 million registered users.