SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

GitLab 18.11 adds AI agents for security & pipelines

Fri, 17th Apr 2026

GitLab has released version 18.11 of its software development platform, expanding its use of AI agents into security remediation, pipeline setup and delivery analytics.

The update brings general availability of Agentic SAST Vulnerability Resolution for GitLab Ultimate customers using the GitLab Duo Agent Platform. It also adds two more agents for pipeline configuration and analytics, along with new spending controls for GitLab Credits.

GitLab frames the release around what it sees as a gap between faster AI-assisted code generation and slower delivery, security and operational processes. As code volumes rise, software teams still face delays in configuring pipelines, resolving vulnerabilities and extracting delivery data.

Security fixes

The security feature is designed to run after a static application security testing scan completes. It reviews confirmed true positives, generates a code fix aimed at the root cause and opens a merge request with a confidence score.

The service is limited to GitLab Ultimate customers using the GitLab Duo Agent Platform. GitLab cited its 2025 DevSecOps Report, which found that developers spend 11 hours a month remediating vulnerabilities after release.

New agents

The CI Expert Agent has entered beta and is aimed at teams setting up continuous integration pipelines. The tool inspects a repository, identifies its language and framework, and proposes a build-and-test pipeline through natural-language prompts instead of manual YAML configuration.

The second addition, the Data Analyst Agent, is now generally available. It is designed to answer natural-language questions using live software lifecycle data, including merge request cycle times, pipeline health and deployment frequency.

Unlike the security remediation tool, the analytics agent is available across GitLab's Free, Premium and Ultimate tiers where the GitLab Duo Agent Platform is enabled. Both new agents are available on GitLab.com, Self-Managed and Dedicated deployments.

Cost controls

The update also introduces subscription-level and per-user spending caps for GitLab Credits, the consumption model for on-demand AI services on the platform. Billing account managers can set a monthly limit at the subscription level, while separate per-user caps are intended to stop one individual from consuming the full allocation.

Administrators can monitor usage and cap status through the GitLab Credits dashboard and the Customers Portal. The controls are available for GitLab.com users and for Self-Managed customers running version 18.11.

The changes reflect a broader shift in software tooling, as suppliers try to embed AI more deeply into day-to-day engineering work rather than limiting it to code generation. For GitLab, that means placing AI agents inside repositories, pipelines, issues and security findings already held within its platform.

The move also highlights a competitive theme in the developer tools market. Vendors increasingly argue that access to platform context is central to making AI useful, particularly for tasks such as remediation, delivery reporting and workflow configuration, where code generation alone does not remove operational bottlenecks.

Manav Khurana, Chief Product and Marketing Officer at GitLab, outlined that position alongside the launch. "Much of the AI investment in software development has focused on writing code faster. The bigger opportunity is what comes next," he said. "Agents are only as effective as the context they can access. GitLab 18.11 extends our agents deeper into security, pipelines, and delivery analytics, where that context already lives. That's how GitLab is defining the future of software engineering in the AI era."