The AI software engineer you can rely on. Ona works with and for your teams across the entire development lifecycle. Automatically set up with your code, secrets and policies.
For years, I wasted time on front-ends, wrangling divs to translate JSON for the easier reading of normies who were (frankly) just too lazy to learn to put squiggly brackets and commas in the right places.
From today, no more.
ona.com is now JSON first.
"I'm using agents. My team wants to adopt background agents. Where do we start?"
We launched a background agents microsite a few weeks ago. The thing that resonated most was what we called "The false summit".
You're running agents. Maybe parallelising them. Starting to think about making them proactive. It feels like you're close to the destination.
You're not, but the next question is fair: where do I actually start?
That's why we built a hand-curated agent landscape, the specific tools to look at if you're thinking about building background agent infrastructure.
🚀 Lou Bichard does a quick walk through on camera, check out the site to watch the full recording: background-agents.com/landscape
The landscape exists because the #1 question after we launched backgroundagents.com basically came down to:
"Where does my team start?"
🚀 Lou Bichard mapped tools across sandboxes, orchestration, security, protocols, and benchmarks to help answer that.
Let us know what you think!
Want to build your own background agents platform like Ramp Inspect or Stripe Minions? Now you can:
---
Engineering teams are watching Stripe merge a thousand agent-authored PRs a week, Ramp attribute over half their PRs to agents, and Spotify ship 1,500+ agent-generated changes into production.
The natural question is: how do I do that?
Today, we're helping you get one step closer to that answer with the background agent tool landscape.
A few things we learned building it:
The agent layer is well understood, orchestration is not. There are currently 16 tools in the agent layer, and we could have listed 100 more. However, the industry is also converging towards a handful of base agents/harnesses like Claude Code and Cursor. The real challenge now is not with the harnesses themselves, but with the orchestration of large-scale fleets of agents.
Sandboxes and dev environments are not the same thing. There's also a lot of category confusion, most notably with sandboxes. Sandboxes are a category that started out primarily to add code execution to agentic software like ChatGPT or Claude. But it is now being re-purposed as more general-purpose development environments for agents, despite not being fit for purpose.
Security and identity is the biggest gap. Security is one of the main challenges holding back mass-market adoption of background agents, and security is tightly coupled to the runtime layer. Ona Veto, for example, enforces policies at the kernel level to address the issue that path-based denylists don't work with agents. But every platform approaches security differently.
We expect the landscape to look very different in six months. If we're missing something, or if you disagree with how we've drawn the lines, we'd love to know. Check it out, and we hope it helps!
Link in the comments
We're hiring a Business Development Rep - US (remote) at Ona.
As a BDR, you'll be the first point of contact in establishing relationships with prospects in pursuit of making every enterprise a tech company. You'll drive targeted outreach campaigns as part of our ABM strategy to engage prospects, book qualified meetings, and bring insights from the field back to the team to continuously sharpen our strategy. We're looking for someone with deep technical curiosity, exceptional communication skills, and an authentic excitement for agentic development.
Come hang with me, Lydia, and Karthik!
Join 🚀 Lou Bichard and Leonardo Di Donato from Ona and Mackenzie Jackson from Aikido Security on March 11th -> What this webinar covers:
Your scanner only finds vulnerabilities and bumps versions, but AI software engineers raise PRs to fix them, autonomously and in the background while you sleep.
No organization should be manually remediating CVEs anymore. The attention of your engineers is the most critical resource for AI first organizations. CVE remediation is repetitive toil that can be delegated to AI software engineers working in the background.
Your organization likely has a tool to find vulnerabilities such as Snyk, Dependabot, or Wiz. But, to remediate you're wasting hours chasing teams and competing with their backlog.
AI software engineers change this equation.
With Ona, you can launch a fleet of AI software engineers that can take flagged CVEs and open full working pull requests, not just bumping version numbers. Using their own isolated environment they can iterate on configurations to ensure that all your tests pass.
Key takeaways:
· Why CVE remediation is an ideal first use case for AI adoption
· The infrastructure requirements for agent-based CVE remediation
· How fleets allow you to fix CVEs in the background
This webinar is for you if:
You're a security engineer with an exploding CVE backlog, or an engineering leader with auditors breathing down your neck with hard questions about remediation timelines.
Today we're launching Veto in early access: kernel-level enforcement for every agent running on the Ona platform.
Agents reason. That changes security more than most people realize.
Leonardo Di Donato ran an experiment where Claude Code bypassed its own denylist and disabled its own sandbox to finish a task. It wasn't told to, it just did.
Horizontal security won't work here. You can't layer controls across runtimes you don't own and expect them to hold against something that thinks.
We believe that security has to be native to the platform. The runtime, the kernel, the network boundary.
Veto identifies binaries by content, not filename. SHA-256 hash at the kernel level. Rename it, copy it, symlink it. It doesn't matter, Veto blocks it.
Links to both the announcement post as well as Leo's technical deep dive are in the comments.
Veto is available in early access for a set of design partners with strict security requirements. Let us know if you're interested to try it out!
Link to the announcement post and technical deep dive is in the comments.
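The difference between a path-based denylist and identifying a binary by content, as a user-space illustration added here (not Ona's code, and not how Veto is implemented in the kernel). The file names, sample content and helper functions are constructed for the example:

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path):
    """Hash the file's content; open() follows symlinks to the real target."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def path_policy_blocks(path, denied_paths):
    """Path-based denylist: matches only the literal path being executed."""
    return os.path.abspath(path) in denied_paths


def content_policy_blocks(path, denied_hashes):
    """Content-based denylist: matches the SHA-256 of what would actually run."""
    return sha256_file(path) in denied_hashes


def compare_policies():
    """Return {label: (path_policy_blocks, content_policy_blocks)} per variant."""
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "blocked-tool")
        with open(original, "wb") as fh:
            fh.write(b"#!/bin/sh\necho constructed sample binary\n")
        copied = os.path.join(workdir, "harmless-name")  # copy under a new name
        shutil.copy(original, copied)
        linked = os.path.join(workdir, "alias")  # symlink to the original
        os.symlink(original, linked)

        denied_paths = {os.path.abspath(original)}
        denied_hashes = {sha256_file(original)}
        for label, candidate in (("original", original),
                                 ("renamed copy", copied),
                                 ("symlink", linked)):
            results[label] = (path_policy_blocks(candidate, denied_paths),
                              content_policy_blocks(candidate, denied_hashes))
    return results


if __name__ == "__main__":
    for label, (by_path, by_hash) in compare_policies().items():
        print(f"{label:13} path-denylist={by_path!s:5} content-hash={by_hash}")
```
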
Coding agents didn’t remove the bottleneck. They moved it.
The teams actually improving delivery aren’t stopping at coding agents. They’re deploying agents across the entire SDLC.
We broke down that shift here:
background-agents.com
Writing code faster doesn’t fix delivery; it increases pressure downstream. More PRs lead to longer reviews. Faster reviews create testing backlogs. Accelerate testing, and deploys begin to queue. The constraint doesn’t disappear, it just relocates.
Optimizing each stage individually doesn’t change system throughput. What does change it is restructuring the system.
High-performing teams are running agents across the whole pipeline. Dependency updates run on a schedule and open upgrade PRs automatically across every repo. Incident triage agents gather logs, correlate recent deployments, and post root cause summaries before on-call even begins investigating. Routine maintenance and cross-repo changes happen continuously in the background instead of waiting for someone to initiate them.
The goal isn’t faster code generation. It’s faster delivery.
That requires treating the SDLC as a system and deploying agents accordingly.
Ona Automations is now generally available: proactive background agents that run in the cloud, pick up engineering work, and deliver merge-ready pull requests.
Here's what you can automate today:
- Backlog pickup — Ona scans Linear or Jira daily, picks up well-scoped tickets, and opens CI-green PRs by morning
- Sentry triage & fix — new issues triaged and resolved before your team starts the day
- Codebase cleanup — Knip finds unused dependencies, exports, and files; Ona removes them
- CVE remediation — run Snyk or Aikido, resolve findings, rescan until clean
And many more use cases we probably haven't even thought of.
Here's how Automations work:
→ Trigger on a schedule, webhook, or PR event
→ Chain AI prompts with deterministic shell scripts in closed-loop workflows
→ Every run gets a full cloud dev environment, not a CI container, but the same tooling your engineers use
→ Ona clones, branches, builds, tests, iterates, and opens a PR across as many repos as you need
→ Full reporting and audit trail on every execution
Start from a template or build your own from scratch.
Read the full announcement linked in comments and let us know what you build!
When AI writes the code, what happens to engineers?
Ona Agents are writing 92% of our code and we're 2.5x faster than we were six months ago with roughly the same amount of humans and increased quality. Our engineering team has shifted from being software engineers to conductors, directing multiple agents that work in parallel.
Johannes Landgraf and Christian Weichel sat down to talk about the shift to agent orchestration, the human identity crisis, and how we've seen this play out in some of the world's largest enterprises as we've partnered with them on their AI transformation journey.
Watch the full conversation here: https://lnkd.in/grYXdcAk
What a few weeks it's been for vulnerabilities 😅
Shai Hulud recently backdoored 100s of npm packages, then on December 3rd, React2Shell landed with a 'perfect' CVSS 10.0 score, which is the highest possible severity for a cybersecurity vulnerability. So the companies that just finished patching React2Shell now need to patch, again!
For Shai Hulud, at Ona we spent days proactively and as a precaution in incident response: rotating secrets, reviewing AWS and GCP audit logs, disabling npm lifecycle scripts and tightening up any GitHub environment protections. There's no getting away from the fact that this impacts roadmap progress, and pulls engineers from 100 other valuable things they could be doing.
The saving grace was that, during the incident, we were able to heavily leverage Ona AI software engineers to support the team in scanning our repositories, identifying any areas of vulnerability, and opening pull requests to make updates, significantly speeding up our response time and saving us days, if not weeks, of work.
Just next week we are running an online event to show how Ona (formerly Gitpod) uses AI software engineers to better respond to these types of security incidents faster, and with less effort, sometimes even while you're sleeping. Hosted by our very own 🌊 Matthew Boyle (previous experience Cloudflare) and 🚀 Lou Bichard, who both have previous engineering leadership experience at various companies including Cloudflare and DAZN:
✅ How one FTSE 100 company eliminated CVEs in hours, rather than weeks, using automated agents
✅ Why individual productivity tools hit a ceiling at organizational scale and what comes next
✅ The honest reality: what works today with AI agents and what's still hard
✅ How to respond to security vulnerabilities 10x faster without pulling engineers off revenue work