Automation in Developer Tools Expands with AI Reliability and Orchestration Insights
In This Article
Automation in software engineering is having a moment—and not the tidy, “CI runs faster” kind. This week’s developments show automation expanding in two directions at once: toward more powerful agent-driven workflows that can touch more of the stack, and toward defensive automation meant to keep that power from breaking production or poisoning the supply chain.
On the productivity side, the industry is racing to make automation more composable. Google’s Antigravity 2.0 arrived with an updated desktop app, a CLI tool, and an SDK aimed at orchestrating multiple agents and custom subagent workflows, with integrations spanning Google AI Studio, Android, and Firebase [4]. Notion, meanwhile, is repositioning its workspace as a hub for AI agents by shipping a developer platform that lets teams build automated multistep workflows pulling data from any database [5]. These moves signal a shift: automation isn’t just embedded in IDEs anymore—it’s becoming a cross-tool control plane.
But the same week also underscored the cost of scaling automation without guardrails. Resolve AI argued that the AI coding boom is “breaking production systems,” and it’s responding with always-on background agents and an investigation architecture where specialized agents verify each other’s conclusions [2]. And on the security front, CrowdStrike, Google, and Shadowserver dismantled the Glassworm botnet after it spent two years compromising open-source developers—using malicious extensions, malvertising, and hijacked developer accounts to infect more than 300 GitHub repositories [1].
Put together, the message is clear: automation is now a systems problem. The winners won’t just automate more—they’ll automate safely, verifiably, and with supply-chain realities in mind.
Agent orchestration is becoming a first-class developer interface
This week’s most visible automation trend is the “agent orchestration layer” moving closer to developers’ daily workflows. Google’s Antigravity 2.0 is explicitly framed around orchestrating multiple agents and designing custom subagent workflows, delivered not only as a desktop app but also as a CLI tool and an SDK for custom workflows [4]. That packaging matters: a CLI and SDK imply automation that can be scripted, versioned, and embedded into existing engineering processes rather than living as a standalone UI experiment.
Notion’s update points to a parallel shift: automation is being pulled into the collaboration surface where teams already coordinate work. By introducing a developer platform that extends custom AI agents, Notion is enabling automated multistep workflows that can pull in data from any database [5]. The key detail is “multistep” plus “any database”—a combination that pushes automation beyond single prompts into repeatable, tool-spanning procedures.
Why it matters for software engineering: these products are converging on a model where developers define workflows as compositions of agents and integrations, not just scripts and webhooks. The practical implication is that automation can be expressed at a higher level—“subagents” and “multistep workflows”—while still being operationalized through developer-friendly interfaces like CLIs and SDKs [4][5].
The expert takeaway is less about novelty and more about surface area. As orchestration becomes easier, more teams will automate more steps across build, deploy, and operational workflows. That increases leverage—but it also increases the blast radius when something goes wrong, because orchestrated agents can touch many systems quickly. This week’s other news items show the industry already reacting to that reality.
Reliability automation is shifting from dashboards to always-on investigation agents
As AI-generated code proliferates, the reliability problem is no longer just “find the bug faster.” Resolve AI’s pitch is that the AI coding boom is breaking production systems, and its response is an expanded platform with always-on background agents and a redesigned investigation architecture [2]. The notable engineering choice is the use of specialized agents that independently verify each other’s conclusions [2]. That’s an automation pattern aimed at reducing false confidence—an explicit acknowledgment that automated reasoning can be wrong, and that systems need internal checks.
This matters because it reframes automation from “assist the developer” to “continuously interrogate the system.” Always-on agents imply persistent monitoring and investigation workflows that run in the background, rather than being triggered only after an incident escalates. And the “verify each other” design suggests a move toward automated cross-validation as a reliability primitive, not an optional feature.
In real-world terms, teams adopting more agent-driven development workflows are also going to need agent-driven operational workflows. If code is produced faster (and sometimes more recklessly), the downstream systems must compensate with faster, more structured investigation. Resolve AI’s approach—specialized agents with independent verification—reads like an attempt to build that compensating mechanism directly into the tooling layer [2].
The broader implication is that reliability automation is becoming more architectural. It’s not just alerts and runbooks; it’s automated investigation logic that tries to produce trustworthy conclusions. This week’s theme is that automation is expanding, but the industry is simultaneously building meta-automation: automation that checks automation.
Supply-chain automation’s dark mirror: botnets targeting developer ecosystems
Automation doesn’t only help defenders and builders; it also scales attackers. The clearest example this week was the takedown of the Glassworm botnet. CrowdStrike, working with Google and Shadowserver, dismantled infrastructure that had been compromising open-source software developers for two years [1]. The tactics described—publishing malicious extensions, malvertising, and hijacking developer accounts—are all methods that exploit the same distribution channels developers rely on for speed and convenience [1].
The impact was not abstract: the attackers infected more than 300 GitHub repositories [1]. That number matters because it highlights how supply-chain compromise can propagate through automation-friendly workflows—dependency reuse, copy-paste adoption, and rapid integration—without requiring direct targeting of every downstream victim.
The takedown disrupted the botnet’s command-and-control channels, severing the hackers’ access to infected systems [1]. That’s a reminder that defensive automation and coordination can work at scale too, but it also underscores a sobering point: developer ecosystems are now a primary battleground, not a secondary one.
For engineering leaders, the lesson is that automation increases the value of developer accounts, extensions, and repositories as attack surfaces. The more we automate through shared components and integrated workflows, the more attackers will focus on poisoning those shared paths. This week’s security news is inseparable from the week’s productivity news: the same connective tissue that enables agent orchestration also creates new routes for compromise.
Platform consolidation: SDK automation becomes a strategic asset
Automation is also becoming a competitive moat, especially when it touches developer experience at scale. TechCrunch reported that Anthropic acquired Stainless, a startup known for automating the creation and maintenance of SDKs used by major AI labs, including OpenAI and Google [3]. The strategic consequence is explicit: Anthropic can integrate Stainless’s technology into its operations while discontinuing its availability to competitors [3].
Why this matters for software engineering is straightforward: SDKs are the front door to platforms. Automating SDK creation and maintenance reduces friction for developers and accelerates adoption, but it also standardizes how developers interact with an API. If that automation is controlled by a single platform vendor, it can shape the ecosystem’s defaults—what gets generated, how quickly updates ship, and how consistently clients track platform changes.
This is a different flavor of automation than agent orchestration, but it’s connected. As more workflows become agent-driven and tool-integrated, the quality and freshness of SDKs become even more important. Automation that keeps SDKs aligned with evolving APIs can reduce breakage and speed integration—yet the acquisition shows that such automation is now valuable enough to be pulled in-house and made exclusive [3].
The real-world impact is that teams may see divergence in SDK quality and update cadence across competing AI platforms, depending on who controls the automation pipeline. This week’s news suggests that “developer tooling automation” is no longer just a feature; it’s a strategic lever.
Analysis & Implications: Automation is scaling faster than trust—so tools are racing to manufacture trust
Across these stories, a coherent pattern emerges: automation is expanding its reach, and the industry is responding by trying to formalize trust. Google and Notion are pushing automation into orchestrated, multistep, cross-tool workflows—via subagents, CLIs, SDKs, and developer platforms that can pull from broad data sources [4][5]. That’s the “scale” side of the equation: more actions automated, across more systems, by more people.
Resolve AI’s approach represents the “trust manufacturing” side: always-on background agents and an investigation architecture where specialized agents verify each other’s conclusions [2]. The design choice to have agents independently cross-check findings is an attempt to make automated outputs more reliable under real production pressure. It’s a recognition that as automation accelerates change, the system needs automated skepticism built in.
Then there’s the adversarial mirror. The Glassworm botnet story shows attackers exploiting developer distribution channels—extensions, ads, and account access—to compromise open-source developers and infect hundreds of repositories [1]. In other words, attackers are also “manufacturing trust,” but maliciously: they piggyback on the implicit trust developers place in familiar channels and shared code.
Finally, the Stainless acquisition highlights that automation is becoming scarce and strategic. Automating SDK creation and maintenance is not just operational efficiency; it’s ecosystem control. Anthropic’s ability to integrate the technology while discontinuing it for competitors suggests that automation pipelines can be treated like proprietary infrastructure, not commodity tooling [3].
The implication for engineering teams is that automation strategy can’t be separated into “dev productivity” and “security/reliability.” Orchestrated agents and multistep workflows increase throughput, but they also increase the need for verification mechanisms (like independent agent checks) and for hardened developer supply-chain practices. Meanwhile, platform-level automation decisions—like who controls SDK generation—can shape integration risk and maintenance burden over time.
This week, automation looks less like a single tool category and more like a stack: orchestration on top, verification in the middle, and supply-chain integrity underneath. Teams that treat it as a stack—designing for composability and for distrust—will be better positioned than teams that simply automate the next step because they can.
Conclusion: The new baseline is automated work—and automated doubt
May 20–27, 2026 made one thing plain: automation is no longer optional infrastructure around software engineering; it’s becoming the interface to software engineering. Agent orchestration is moving into mainstream developer surfaces through CLIs, SDKs, and workflow platforms that can span products and databases [4][5]. At the same time, the industry is confronting the operational consequences of moving fast with AI-generated code, pushing toward always-on investigation and cross-verification between specialized agents [2].
Security remains the hard constraint. The Glassworm botnet’s two-year campaign against open-source developers—and the infection of more than 300 GitHub repositories—shows how quickly trust can be weaponized when developer ecosystems are the target [1]. And the consolidation of SDK automation via Anthropic’s acquisition of Stainless signals that the automation underpinning developer experience is now strategic, not incidental [3].
The takeaway for teams is to pair every new automation capability with an explicit trust model: what verifies outputs, what limits blast radius, and what protects the supply chain paths your automation depends on. The next wave of developer tools won’t just automate work. They’ll automate the discipline required to keep automated work from becoming automated failure.
References
[1] CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks — TechCrunch, May 27, 2026, https://techcrunch.com/2026/05/27/crowdstrike-and-google-take-down-botnet-used-by-hackers-to-target-software-developers-in-supply-chain-attacks/?utm_source=openai
[2] Resolve AI says the AI coding boom is breaking production systems. It wants to fix that. — VentureBeat, May 21, 2026, https://venturebeat.com/technology/resolve-ai-says-the-ai-coding-boom-is-breaking-production-systems-it-wants-to-fix-that?utm_source=openai
[3] Anthropic has acquired the dev tools startup used by OpenAI, Google, and Cloudflare — TechCrunch, May 18, 2026, https://techcrunch.com/2026/05/18/anthropic-has-acquired-the-dev-tools-startup-used-by-openai-google-and-cloudflare/?utm_source=openai
[4] Google launches Antigravity 2.0 with an updated desktop app and CLI tool at IO 2026 — TechCrunch, May 19, 2026, https://techcrunch.com/2026/05/19/google-launches-antigravity-2-0-with-an-updated-desktop-app-and-cli-tool-at-io-2026/?utm_source=openai
[5] Notion just turned its workspace into a hub for AI agents — TechCrunch, May 13, 2026, https://techcrunch.com/2026/05/13/notion-just-turned-its-workspace-into-a-hub-for-ai-agents/?utm_source=openai