« Blog Home

GitLab Duo Agent Platform: AI Agents Transforming DevSecOps

December 7, 2025 ¬ 8:43 amh.Tamir Gefen

Getting your Trinity Audio player ready...

This article shares our perspective on the new GitLab Duo Agent Platform (DAP), based on our experience as long-time GitLab partners providing support and professional services. Over the years, we’ve helped many customers get the most out of the GitLab platform (learn more here),
and this overview reflects what we’re seeing in the field today and in near future.

_{Illustration: GitLab Duo Agent Platform}

GitLab Duo Agent Platform is a new AI-driven solution that embeds multiple intelligent assistants (“agents”) into the software development lifecycle. It acts as an orchestration layer where developers collaborate asynchronously with AI agents across DevSecOps, turning linear workflows into dynamic, parallel processes.
Routine tasks – from code refactoring to security scanning and research – can be offloaded to specialized AI agents, while human developers focus on complex problem-solving and innovation.

The platform leverages GitLab’s role as a one-stop DevSecOps system of record (encompassing code management, CI/CD pipelines, issue tracking, test results, security scans, etc.) to give these agents full project context, so they make informed contributions aligned with your team’s standards and practices.

In short, GitLab Duo Agent Platform is like having an unlimited team of AI co-workers embedded in your development workflow, helping you build, test, secure, and ship software faster.

GitLab Duo Agent Platform turns linear DevSecOps into a dynamic, parallel workflow where an unlimited team of AI co‑workers keeps shipping moving”

Key Capabilities and How It Works

1. Multiple Specialized AI Agents (in Parallel):

Duo Agent Platform enables many AI agents to work side by side on different tasks simultaneously. For example, you might have a Software Developer Agent generating code changes, a Security Analyst Agent reviewing for vulnerabilities, and a Deep Research Agent analyzing project history – all at once.
Each agent has a defined role (development, testing, code review, security, etc.) and they operate under unified orchestration to collaboratively advance the project.
This parallelism reduces wait times and keeps development moving continuously.

2. Agentic Chat & IDE Integration:

Developers interact with Duo agents through natural language chat, available directly in their workflow – via VS Code and JetBrains IDE extensions or in the GitLab web UI.
You can ask questions or delegate tasks in plain English, and even use slash-command shortcuts (like /explain, /test, or /include) to trigger specific actions.
The chat interface is context-aware, maintaining history and project context, so agents can discuss code, explain test failures, or suggest fixes with full awareness of your repository’s content. This keeps developers “in flow,” getting AI assistance without leaving their coding environment.

3. Full Lifecycle Context:

Because GitLab Duo agents are natively integrated into the GitLab platform, they have access to all relevant project data – source code, commit history, merge requests, test logs, security scan results, and more.
This rich context means an agent’s suggestions or actions are not made in isolation; they’re informed by the entire SDLC environment.
For instance, an agent can answer, “Why did this pipeline fail?” by analyzing the code diff, test output, and recent commits together. Each agent’s decisions are aligned with your organization’s standards and past knowledge, increasing the relevance and accuracy of their outputs.

4. Custom Rules and Policies:

Teams can customize how agents behave to enforce coding standards and best practices.
Using natural language, you can define rules or style guides that agents must follow (for example, “always include a docstring for new functions” or “use our approved logging library”). The Duo platform will then ensure generated code or fixes adhere to those conventions.
This capability means AI assistance produces consistent, secure code that aligns with your team’s preferences, reducing the effort spent in code review rework. As GitLab notes, such custom rules speed up reviews and let developers ship compliant code faster.

5. Agent Flows (Orchestrated Workflows):

Beyond individual agents, GitLab Duo introduces Flows – pre-defined or custom workflows that coordinate multiple agents to handle multi-step processes autonomously.
For example, a Software Development Flow can orchestrate everything from planning a new feature to implementing the code and then testing it, using different agents for each stage.
One flow in beta can take an open issue, have agents analyze requirements, generate code changes, and run tests, automatically turning an idea into a ready merge request.
These agent flows tackle complex, hours-long tasks in a fraction of the time by running steps in parallel and without manual handoffs.

6. Extensibility and Integration:

The Duo Agent Platform is built to be extensible. It supports the open Model Context Protocol (MCP), which means your GitLab AI agents can connect to external systems to gather information or perform actions.
For instance, an agent could pull data from Jira or ServiceNow tickets to gain extra context on a feature request, or even update those systems from the GitLab chat interface. This integration makes Duo not just a coding assistant but an intelligent layer across your entire toolchain.
GitLab is continually adding to the agent catalog (with planned agents for product planning, platform engineering, deployment, etc.) and allows organizations to create their own custom agents and share them via an AI catalog. Whether you have 5 or 50 agents running, the platform can be adapted to your workflow and environment needs.

Accelerating Development and Time to Market

By delegating grunt work to AI and running tasks concurrently, GitLab Duo Agent Platform dramatically accelerates the development process. Developers no longer have to pause coding to run tests, do code clean-up, or await security reviews – those can happen asynchronously in the background. For example, rather than a engineer manually performing a large refactor then waiting for a separate security scan afterward, Duo’s agents can handle the refactoring and vulnerability checking in parallel. This elimination of bottlenecks means faster feedback loops and shorter iteration cycles. In practice, workflows that used to span days (or require multiple team members) might be completed in hours.
GitLab’s agent Flows underscore this speed boost: a coordinated flow can plan, implement, and verify a code change end-to-end without human intervention, compressing what was once a sequence of hand-offs into one automated sequence.

By offloading grunt work to specialized AI agents, teams ship features faster, with higher quality and stronger security, without slowing developers down.”

Early results from the beta are promising. Teams report significant productivity gains – AI agents tirelessly tackle the “busy work” so human talent can focus on high-value tasks. NatWest Group, an early adopter, noted that embedding Duo’s AI agents in their development lifecycle has “boosted productivity, velocity, and efficiency” by freeing developers from repetitive tasks. In other words, features move from idea to production faster because fewer tasks wait in queues or slip through cracks. With agents even proactively monitoring pipelines and code quality, issues are caught and resolved sooner, preventing late-stage surprises. All of this adds up to faster delivery and an accelerated time to market for new features – a key competitive advantage for engineering organizations.

Improving Code Quality and Security

While speed is important, quality and security remain paramount – and GitLab Duo Agent Platform is engineered to improve these as well. The platform’s AI Code Reviewer agents conduct thorough code reviews 24/7, following your team’s defined standards. They automatically flag style inconsistencies, potential bugs, and even security vulnerabilities in merge requests, acting as an ever-vigilant reviewer. These AI code reviewers can suggest changes and even auto-approve and merge code once it meets all criteria, ensuring that no critical checklist is skipped in a hurry.

Specialized security agents are integrated into the development flow, so security isn’t an afterthought or a separate silo.
A Security Analyst Agent can scan the codebase and dependencies for known vulnerabilities or misconfigurations, then actually implement fixes or configuration changes to remediate those weaknesses. This not only identifies issues early (shift-left security), but also helps remediate them on the spot, reducing the burden on security engineers to manually patch every flaw.

Furthermore, because Duo agents have full awareness of your project’s compliance requirements and past incidents, they make recommendations that adhere to your organization’s policies and guardrails. The platform’s knowledge graph and custom rules ensure that AI-generated code aligns with secure coding practices and regulatory standards from the start.

By having AI assistants reviewing code and monitoring for risks continuously, teams can achieve a higher baseline of code quality. Bugs that might have slipped through code review or edge-case tests are more likely to be caught. Security issues that could linger unnoticed are identified immediately.
In essence, GitLab Duo acts as a force multiplier for quality assurance – every merge request and pipeline run has extra “eyes” on it. The result is more reliable, maintainable code and a more secure software product without slowing down development.

Who Benefits Day-to-Day?

One of the strengths of GitLab Duo Agent Platform is that it delivers value to multiple stakeholders in the software team, enhancing daily workflows for each:

1. Developers:

Software engineers and testers gain an AI pair programmer (and more). Duo agents handle tedious tasks like writing boilerplate code, generating unit tests, documenting code, and debugging common issues, which helps developers stay “in the zone.” By asking the chat agent questions (“Why is this test failing?” or “Explain this function”), developers can quickly unblock themselves with insights drawn from across the project’s context. They spend less time on rote work and chasing down information, and more time on creative architecture and solving challenging problems. In short, developers have virtual helpers that increase their productivity and even accelerate onboarding on new projects by explaining code and workflows on demand.

2. Engineering Leaders:

Team leads, architects, and development managers benefit from greater visibility and automation. GitLab Duo can automatically provide updates on project status, compile release notes, or even triage issue backlogs. For instance, the Deep Research Agent can gather and correlate data from across epics, issues, code commits, and deployments to answer high-level questions about project progress or risk – work that might take a manager hours of meetings and digging to accomplish manually. Leaders can delegate certain planning tasks to an AI (e.g. backlog prioritization via a Product Planning Agent) and trust that coding standards and security policies are being enforced consistently by the agents. This means fewer surprises before a release and more predictable outcomes. Ultimately, engineering leadership sees faster delivery cycles and improved team efficiency, with AI-driven reports and insights to guide decision-making.

3. Security & DevSecOps Teams:

Security engineers and DevOps practitioners see many of their routine checks automated and integrated into the development process.
Instead of solely relying on late-stage security audits, the AI Security Agent is continuously scanning code and configurations for vulnerabilities.
It can even propose or apply fixes, acting as a first line of defense. This reduces the workload on security experts, allowing them to focus on advanced threat analysis and strategic security improvements rather than chasing endless minor issues. Additionally, compliance auditing becomes easier – agents can ensure that every merge request has required approvals, tests, and security scans before it’s merged, enforcing organizational policy automatically.

4. DevOps teams:

For DevOps, having agents monitor CI/CD pipeline health and infrastructure (Platform Engineer Agent) means quicker detection of performance issues or failures, with suggestions on how to resolve them. In essence, Duo’s agents help maintain a high security and stability bar without slowing down development, reconciling the often competing priorities of speed and safety.

Use Cases and Examples

GitLab Duo Agent Platform may sound futuristic, but users are already seeing its impact in real scenarios. One example comes from GitLab’s own engineering team: a developer needed to understand and document a complex gRPC communication flow in a Go microservice.
This task would normally involve reading through many files and manually drawing sequence diagrams – potentially a full day of work.

Instead, they turned to the Duo Agent Platform.
By prompting the agent to “generate a Mermaid diagram of the gRPC interaction between services,” the developer had the AI systematically scan the relevant Go code (including following function calls across files), analyze the request/response patterns, and produce a complete diagram of the communication flow.
What’s more, the agent didn’t operate in a vacuum: it paused to ask clarifying questions (for example, whether to include error-handling details in the diagram) and adjusted its plan based on the developer’s feedback.
The outcome was comprehensive documentation delivered in minutes, not hours, illustrating how Duo can dramatically speed up understanding of a codebase for onboarding or troubleshooting.

Large organizations are also test-driving the platform

NatWest Group, a major bank, has reported that GitLab Duo’s AI agents became “true collaborators” for their teams across coding, testing, and CI/CD processes, and significantly boosted their development velocity.
This kind of testimonial highlights that Duo Agent Platform isn’t just an academic experiment – it’s already helping real-world teams deliver better software more efficiently.

As GitLab continues to refine the platform (the public beta is available to all Premium and Ultimate customers, with general availability expected by end of year), more use cases are emerging – from auto-generating merge requests to fix vulnerabilities, to one-click agent flows that migrate entire CI/CD configurations.
Each example reinforces the core promise of GitLab Duo Agent Platform: augmenting human teams with AI-powered agents to ship software faster, with higher quality and security.

Summary

By infusing intelligent automation throughout the development lifecycle, GitLab Duo Agent Platform provides a glimpse of the future of DevSecOps. It brings capabilities that appeal to developers, engineering leaders, and security experts alike – boosting productivity and innovation while ensuring robust standards. In a world where speed to market and software security are both critical, GitLab’s AI-powered agent platform offers a compelling way to achieve both, enabling teams to “start shipping better software faster” with the help of their new AI teammates.

Watch a Quick Overview of GitLab Duo Agent Platform:

We added captions at your convenience (click “CC” button)

ALM Toolbox has assisted hundreds of clients in selecting the appropriate GitLab license and in planning the product’s implementation and deployment.
We have been official partners of GitLab since 2016 and hold titles awarded by GitLab company: “Selected Partner”, “GitLab Hero” and “GitLab Champion” as well as official professional GitLab certifications after passing qualification exams.
Recently, we were also selected by the research firm STKI as the “GitLab Selected Partner” for 2025.
You can contact us by email at gitlab@almtoolbox.com or call us:
866-503-1471 (USA / Canada) or +31 85 064 4633 (International)