AI Architecture Updates: May 10, 2026

1. GitHub publishes a defense-in-depth reference architecture for agentic CI/CD

Leela Kumili / InfoQ. GitHub outlined an architecture for embedding AI agents into CI/CD pipelines that rests on three layers: ephemeral sandboxed execution with read-only defaults, staged write operations where agent outputs become proposed pull requests or comments before any commit, and full cross-boundary observability covering network egress, model calls, and tool invocations. Sensitive credentials are routed through trusted proxies that sit outside the agent boundary, and network egress is restricted to mitigate prompt injection and secret exfiltration. The framing positions agent security as an architectural concern rather than a prompt-level one, with isolation, constrained outputs, and auditability treated as first-class design constraints.
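
The three layers summarized above can be sketched as a single mediation gate. This is an added example, not GitHub's code: the `Gate` class, the tool names, and the allowlisted hostname are all hypothetical, chosen to show read-only defaults, staged writes, egress allowlisting, and an audit record per decision.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed values (assumptions, not from the article).
EGRESS_ALLOWLIST = {"model-proxy.internal.example"}  # only host the sandbox may reach
READ_ONLY_TOOLS = {"read_file", "list_dir"}
WRITE_TOOLS = {"write_file", "commit"}


@dataclass
class Gate:
    """Mediates every agent action; the agent never touches the repo directly."""
    staged: list = field(default_factory=list)  # proposed changes awaiting review
    audit: list = field(default_factory=list)   # one record per decision

    def _record(self, kind, target, decision):
        self.audit.append({"kind": kind, "target": target, "decision": decision})
        return decision

    def tool_call(self, name, target, payload=None):
        if name in READ_ONLY_TOOLS:
            return self._record(name, target, "allow")
        if name in WRITE_TOOLS:
            # Writes are never applied here: they become a proposal for review.
            self.staged.append({"target": target, "payload": payload})
            return self._record(name, target, "staged")
        # Default deny: unknown tools are refused, not guessed at.
        return self._record(name, target, "deny")

    def egress(self, url):
        parts = urlsplit(url)
        # Compare the parsed hostname, never a prefix or substring of the URL:
        # in "https://allowed-host@other-host/" the real destination is other-host.
        host = (parts.hostname or "").lower()
        ok = parts.scheme == "https" and host in EGRESS_ALLOWLIST
        return self._record("egress", url, "allow" if ok else "deny")


def demo():
    gate = Gate()
    results = [
        gate.tool_call("read_file", "src/app.py"),
        gate.tool_call("write_file", "src/app.py", "patched contents"),
        gate.tool_call("run_shell", "make deploy"),
        gate.egress("https://model-proxy.internal.example/v1/complete"),
        gate.egress("https://model-proxy.internal.example@collector.invalid/x"),
        gate.egress("http://model-proxy.internal.example/v1/complete"),
    ]
    return results, gate


if __name__ == "__main__":
    results, gate = demo()
    print(results, len(gate.staged), len(gate.audit))
```

Denied and staged actions are logged alongside allowed ones, so the audit trail shows what the agent attempted as well as what it was permitted to do.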