.png)
We shipped 62 features in June: roughly one every twelve hours! That pace isn't an accident. It's what happens when AI is writing more of the code, generating more of the tests, and clearing more of the review queue, and the rest of the delivery pipeline has to keep up.
This month's list touches almost every stage of that pipeline: builds that start faster, tests that write themselves, security scanning built for the volume of code AI agents now produce, feature flags that update without a redeploy, and on-call tooling that beats PagerDuty and OpsGenie on setup time alone. And on June 30, the biggest release of the month landed on top of all of it. Here's everything we shipped.
This month's biggest ships
Autonomous Worker Agents: Every step in a Harness pipeline, testing, security, deployment, and remediation, can now run as a reasoning agent instead of a fixed script, with the same governance and audit trails enterprises already trust for human-run deployments. It's the difference between AI helping write a script and AI running the step.
Parallel pipeline execution using a Directed Acyclic Graph: Pipelines can now declare dependencies between stages and run every independent one in parallel automatically, unlocking fan-out, fan-in, and diamond-shaped flows that sequential pipelines couldn't express. A convert-to-DAG API rewrites existing pipelines automatically, so the migration is a button, not a rebuild.
AI Engineering Insights: Measures what most engineering orgs are still guessing at: AI coding agent adoption over time, AI-committed code percentage, spend per developer, and PR cycle time for AI-assisted developers versus everyone else. It's the metric layer for the AI productivity paradox, not another dashboard of vanity stats.
Here are the details:
Every pipeline step can now be an agent
On June 30, Harness introduced Autonomous Worker Agents, a platform for building and safely running AI agents that handle the work between writing code and shipping it to production. Every step in a pipeline, testing, security, deployment, and remediation, can now run as a reasoning agent instead of a fixed script, governed by the same scoped credentials, OPA policy enforcement, approval gates, and audit trails enterprises already use for human-run deployments.
Agents pull context from the Harness Knowledge Graph, connecting services, pipelines, deployments, incidents, and policies, and act through the Harness MCP Server, so a developer working in Cursor, Claude Code, or another editor can hand a task to a Worker Agent and get the result back without leaving their tool. A new Agent Marketplace lets teams find, clone, and customize both Harness-managed and community-built agents, so the agent one team builds to solve a problem becomes the starting point for the next team that hits the same wall. Worker Agents are available now to all Harness customers and work with any LLM provider. Read the full announcement here.

Builds that start faster and cache smarter
Docker Layer Caching and Build Cache now both support Azure Blob Storage as a backend, joining S3 and GCS. Teams running on Azure no longer have to route their caching through a different cloud to get the speed benefit. Find more details in the CI release notes.
CI build initialization on Kubernetes infrastructure now sends only the fields required to start a build, shrinking the initialization payload. Pipelines with a large number of steps start faster and more reliably as a result.
A new Test Management Dashboard lists every test, including flaky and quarantined ones, with health status and last-run results in one place, so no one has to go hunting through build logs to find the test that's been silently failing all week.
Small but real: the lite-engine HTTP client now handles 3XX and 4XX responses from the log service correctly, so a redirect or an error response during log streaming no longer takes the build down with it.
AI writes the tests, coverage tells you if it's enough
AI Test Automation now runs Playwright test suites natively, in beta, as a first-class execution engine. Teams bring their existing Playwright suites and run them on the platform with zero infrastructure to stand up or maintain. Learn more about running Playwright tests on Harness.
Watch the demo:
Existing tests can now be converted into natural language and downloaded, so teammates who don't work in code, PMs, auditors, and new hires can review or document test coverage without reading a test file. More on that in the AI Test Automation release notes.
And Harness Code Repository now shows what percentage of your codebase is actually covered by tests, surfacing untested paths before they turn into incidents.
Deployments that scale without more YAML
Pipelines can now declare dependencies between stages with a dependsOn field. Harness runs every independent stage in parallel the moment its predecessors finish, unlocking fan-out into multiple parallel deployments, fan-in to a single approval gate, and diamond-shaped flows where build, test, and infra stages converge before promotion, patterns a sequential pipeline simply couldn't express. A new convert-to-DAG API rewrites an existing sequential pipeline automatically, so migration doesn't mean a rewrite.
Templates now support custom floating tags, not just the built-in stable pointer. Template owners can create tags like prod, canary, or qa, each pointing at a different template version, and repoint any of them independently without touching a single line of consumer YAML. That means you can promote a new template version to canary, let it bake, then move prod once it's validated, with different environments running different versions at the same time.
A handful of other pipeline and delivery upgrades this month: the Copy command in Command steps can now preserve directory structure so same-named files in different subfolders stop overwriting each other on target hosts; Kubernetes Dry Run steps now accept kubectl flags like --server-side and --force-conflicts, so approval gates reflect what a real deployment will do; the Artifactory connector supports OIDC for credential-free authentication with short-lived JWTs; AWS OIDC connectors now tag sessions with environment identifiers, letting you restrict production secrets to production pipelines even on a shared delegate pool; Istio traffic routing steps support AND/OR match logic across route rules; approval steps can show details to non-approvers without granting them approval rights; and issue-comment webhook triggers now resolve to the latest commit message instead of the PR description, bringing them in line with every other trigger type. Find the full rundown in the continuous delivery release notes.
Security built for how much code AI agents write now
A new AI-powered SAST engine, in beta, validates findings in context to cut triage effort and catch vulnerabilities that traditional static scanners miss, purpose-built for a world where AI-generated code is multiplying the volume of things that need checking. Learn more about AI SAST.

API Security Testing scans that get interrupted by timeouts or infrastructure issues can now resume from the point of failure instead of restarting from scratch. Scans also picked up a real-time validation summary tab, plus the ability to label and rename them so a security team running dozens of scans a week can actually tell them apart. Details are in the scan documentation.

A new API Inspector automatically analyzes OpenAPI specs for security, design, and data validation issues before deployment, catching problems while they're still cheap to fix.
Approvers reviewing exemption requests can now adjust the requested duration instead of only accepting or rejecting it outright, which means fewer rejected requests that just get resubmitted with a smaller ask.
Teams can now bulk onboard Bitbucket repositories and run SBOM and security scans automatically, no manual pipeline setup required, and role-based permissions expanded across more supply chain workflows. Learn more about Bitbucket onboarding.

Harness AI now generates OPA policies directly, trained on OPA and REGO best practices, and can explain existing policies in plain language, so writing policy-as-code no longer requires deep REGO expertise on the team.
Rounding out security: issue detection policies can now scope to specific span attributes to cut noise, API exclusion rules gained span-attribute filtering for the same reason, a new Applications view groups related APIs and AI assets into business-centric categories like payments or order processing so large API inventories stay navigable, the older API Activity dashboard is being retired in favor of these newer views, and Role Assignment API endpoints now validate request payloads up front, returning clear errors instead of failing downstream.

Feature flags that update without a redeploy
Feature flag definitions can now be changed through a pipeline step that applies structured, atomic updates, batching multiple configuration changes into one consistent operation instead of stitching together raw patch calls. Find more details here.
And a new family of thin SDKs, built for browsers, mobile apps, and edge or serverless JavaScript, delegates flag evaluation to a remote evaluator in the cloud instead of computing it on-device. Rollout rules and segment definitions stay server-side; the SDK only gets the result. Learn more in the feature flag release notes.
Finding out what AI is actually doing to your engineering org
A new AI Engineering Insights capability tracks AI coding agent adoption across teams over time, measures output with metrics like AI-committed code percentage and lines generated, and monitors spend per developer and per commit. It also compares AI-assisted and non-AI developer performance head-to-head on PR cycle time and work items delivered, with a leaderboard for drilling into individual patterns. Read more in the AI DLC Insights release notes.
Cloud and AI cost management gets more precise
The Cloud and AI Cost Management overview page got a redesign: new widgets for top spenders, optimization impact, and service breakdown, plus support for AWS and GCP cost adjustments.
You can now connect OpenAI and Anthropic accounts directly through a guided three-step wizard with secure API key storage and live connection testing, currently behind a feature flag. Grouping AI traces by service in Cost Explorer now opens a drawer with run history, a span-level timeline, and cost attribution down to the individual trace. And a new Asset Governance tab lets you set cost preferences separately for AWS, GCP, and Azure, also behind a feature flag.
The rest of this month's cost updates were accuracy and access fixes: anomaly filters no longer silently ignore a perspective that's been deleted, nodepool savings calculations now use the same cost basis as the monthly total instead of overstating savings, overview anomaly counts now include both resource-level and cost-category anomalies, only users with the right permission can edit or delete anomaly alerts, recommendation savings labels are localized to your preferred cost type, repeated commitment renewal events now collapse into a single indicator instead of a wall of icons, and filter messaging and recommendations navigation both got cleaned up. Full details are in the cost management release notes.
The developer portal gets better at knowing what you actually have
New integrations auto-discover and ingest entities from your existing tools, no manual YAML, no custom scripts. Unlike frontend-only plugins, this data feeds into scorecards, workflows, aggregation rules, and the knowledge graph itself.
Bitbucket Cloud entities in the catalog now show pull request history and commit activity right on the entity page, and Dynatrace entities show monitor and SLO data the same way, so developers get observability context without leaving the portal. More on that in the IDP release notes.

Environment Management now shows a clear, current state for every environment, so platform engineers know what's actually happening without cross-referencing three other tools.
Infrastructure as code, managed like a real registry
Module Registry 2.0, in beta, lets teams publish IaC modules as immutable artifacts, auto-sync new versions on publish, and govern them with Supported, Warning, and Deprecated controls across project, org, and account scopes. Self-service, with guardrails, instead of a spreadsheet tracking who's on which version. Learn more about Module Registry.
Drift detection can now run on any schedule you set, and workspaces can be given a TTL so short-lived infrastructure, PR environments, and feature branches tears itself down automatically instead of quietly running up a cloud bill. Find more details on ephemeral workspaces.
Database changes that ship like code
Database DevOps now supports Harness Code Repository natively as a schema source, so teams no longer need a separate Git connector just to point at their own repo.
And Database DevOps can now authenticate to Amazon RDS and Aurora using AWS IAM through Harness's delegate, currently in beta and behind a feature flag, cutting down on credential management overhead and closing off a class of stored-secret risk.
Artifacts that clean up after themselves
Harness Artifact Registry now supports policy-based lifecycle rules that automatically delete or protect artifacts based on version count, age, or download activity. Administrators set the policy once instead of manually pruning old builds every quarter. Learn more in the Artifact Registry release notes.

Resilience testing before production finds the gap for you
Resilience Testing picked up Linux and Windows chaos experiment templates for the Chaos Step, audit trails with YAML diff visualization for the image registry, better probe timeout and retry handling, and the ability to copy output variables straight from the timeline view. Find the full list in the Chaos Engineering release notes.
Incident response that outpaces PagerDuty and OpsGenie
Escalation policies can now target a single rotation inside a schedule instead of paging every responder across it. If an incident belongs to "IT West Critical," only that rotation gets paged. Rotations, schedules, and users can all be mixed as targets across different levels of the same policy, so each escalation step reaches exactly the right people.
On-call configuration can now be imported by picking the exact services and groups you want, instead of pulling an entire account in one shot, and it works across PagerDuty, OpsGenie, and xMatters. That's a direct answer to the biggest complaint about migrating off those tools: an all-or-nothing import that forces a weekend cutover.
Runbooks can now be duplicated in one click, chain items, action configurations, and metadata all carried over intact, with the copy opening automatically so you can start tailoring it instead of rebuilding from scratch.
The pattern
None of these features exists in isolation. AI is compressing how fast code gets written, which means the pressure shows up everywhere downstream: builds need to start faster, tests need to generate themselves, security scanning needs to handle more volume without more false positives, and incident response needs to route the right alert to the right rotation the first time. Autonomous Worker Agents is the next turn of that same screw: instead of just helping teams keep up with AI-written code, Harness is now putting AI directly into the pipeline steps that ship, secure, and operate it. Sixty-two features in thirty days, plus a new agent platform on top, is what closing the velocity gap looks like in practice. We'll be back next month with more of it.
