May 2026 Summaries
12 posts from Qovery
Filter
Month:
Year:
Post Summaries
Back to Blog
The text discusses the challenges and solutions associated with the use of AI coding tools like Lovable and Bolt.new in enterprise environments, emphasizing the governance vacuum created when employees use these tools on shared vendor infrastructure without compliance oversight. It highlights the need for a governed approach rather than banning these tools, as the productivity benefits are significant and cannot be ignored. The AI Builder Portal, introduced as a solution, offers a one-click builder experience on an organization's own Kubernetes cluster, ensuring governance with features like SSO, audit trails, and approval workflows. This approach draws parallels to the shadow IT issues faced with cloud services in the past, advocating for internal platforms that make the secure path as efficient as the ungoverned one. The portal is designed to allow non-technical employees to access AI-assisted building while maintaining compliance and control over data, offering features such as customizable workspaces, cost visibility, and agent governance to ensure enterprise-level security and compliance.
May 31, 2026
3,465 words in the original blog post.
In May 2026, an unnamed company faced a significant financial setback by burning through $500 million in Claude credits within a month due to a lack of governance and spending limits, highlighting a broader issue of unregulated AI usage across industries. This incident, along with Uber exhausting its annual AI budget by April and Microsoft canceling Claude Code licenses, underscores a structural problem where companies have failed to implement proper governance layers to manage AI resources effectively. Without clear usage limits, visibility dashboards, and approval workflows, businesses are prone to excessive and inefficient AI consumption, reminiscent of early cloud adoption challenges. The situation calls for a platform engineering approach to AI governance, ensuring consumption is visible, accountable, and tied to outcomes rather than mere usage metrics. This shift from ungoverned to governed AI usage is necessary to prevent financial surprises and ensure that AI tools deliver their promised value efficiently.
May 30, 2026
2,242 words in the original blog post.
The integration of ArgoCD with Qovery allows DevOps and platform engineering teams to adopt the Qovery platform without undergoing a lengthy migration process. By connecting an ArgoCD server to Qovery, existing applications can be imported directly and managed alongside other resources like Terraform modules and Qovery-native services in a single control plane. This integration eliminates the need for retraining developers or maintaining dual systems, as it provides unified deployment visibility, access to metrics, logs, and audit trails, while allowing developers to retain their current workflows. The seamless coexistence of ArgoCD and Qovery services facilitates incremental adoption and reduces the friction and risk associated with platform migration, enabling teams to begin leveraging Qovery's value from day one. Future enhancements may include a migration tool to fully integrate ArgoCD applications into Qovery's native environment, allowing teams to transition at their own pace.
May 29, 2026
807 words in the original blog post.
In the evolving landscape of AI adoption, CTOs play a critical role in transforming organizations into AI-native entities by creating robust systems rather than imposing restrictions. This transformation involves evaluating the company's AI maturity, which often reveals a team divided into thirds: those deeply engaged, those willing but waiting for structure, and those cautious or skeptical. Successful CTOs recognize two distinct user tracks within organizations—technical teams and non-technical "citizen builders," each requiring tailored support and governance. Key to scaling AI adoption are four pillars: leadership alignment, champion empowerment, a governance framework, and proof by example. By aligning leadership on AI goals, empowering natural AI champions, establishing a governance layer that facilitates fast and secure AI usage, and showcasing successful AI implementations, organizations can enhance their AI capabilities. The ultimate goal is for AI adoption to align with business outcomes rather than remain isolated experimentation, enabling companies to redefine their operational strategies and gain a competitive edge.
May 27, 2026
2,435 words in the original blog post.
The text explores the transformative impact of AI-powered tools in enabling non-technical employees to create and deploy production software, a feat that has eluded the low-code movement for years. It highlights the rapid adoption of AI builders like Lovable, Replit, and Bolt.new, which allow individuals across various sectors—including healthcare, education, and finance—to develop applications without traditional coding skills. The narrative underscores the significant growth of AI tool usage, citing instances of substantial cost savings and increased operational efficiency within organizations. However, it also raises concerns about the increased security vulnerabilities and technical debt associated with AI-generated code, emphasizing the need for governance to manage risks and shadow IT. The author advocates for a strategic shift in how companies view software development, urging CTOs to embrace AI tools while establishing controlled environments to ensure security and maintainability. This shift is positioned as a critical evolution from previous low-code initiatives, characterized by natural language interfaces and the ability to produce portable, standard code, thus changing the landscape of software creation and organizational roles in the process.
May 24, 2026
3,337 words in the original blog post.
AI coding tools have empowered non-technical employees across various departments to independently create and deploy applications, leading to a significant shift in organizational dynamics. This democratization of app development has raised concerns about security and compliance, as these tools often operate outside the purview of traditional IT governance, creating potential vulnerabilities. The solution proposed is not to ban these tools, as they drive innovation and business value, but to implement a governed platform that maintains security without compromising speed or ease of use. Qovery's Remote Dev Environments Portal exemplifies this approach by providing a secure, controlled environment where non-technical builders can create and manage applications within the organization's infrastructure, thereby preventing shadow IT while facilitating rapid development. This shift in infrastructure management emphasizes the need for architectural solutions that prioritize trust and security without stifling innovation, recognizing the growing role of non-technical builders in shaping business processes.
May 21, 2026
2,053 words in the original blog post.
Cursor Cloud Agents represent a cutting-edge AI coding environment that excels in code generation and PR creation, featuring capabilities such as parallel agent execution, remote desktop control, and automatic CI fixes. These features make it highly beneficial for individual developers and small teams, as agents can autonomously check code functionality and create PRs with detailed documentation. However, the platform has notable limitations when it comes to enterprise use, particularly in areas like deployment, compliance, and infrastructure management. Cursor Cloud Agents operate exclusively on Cursor's AWS infrastructure, lacking the ability to manage multi-service environments and comprehensive secrets management, which poses compliance concerns for regulated industries. The lack of a deployment pipeline and audit trails further emphasizes its role as a coding tool rather than a full-fledged deployment platform. For enterprises, integrating a complementary tool like Qovery can fill these gaps, providing deployment governance, auditability, and infrastructure control on the user's own cloud account, thereby creating a complete pipeline from code generation to production deployment.
May 15, 2026
2,052 words in the original blog post.
Non-technical teams are increasingly using AI tools like Lovable, Bolt.new, and Replit to build internal and client-facing applications without IT oversight, posing significant security and compliance challenges. These tools provide a great user experience but lack the governance necessary for enterprises, leading to shadow IT issues where apps are developed with company data on shared infrastructures. To address this, banning these tools isn't feasible due to their business value; instead, enterprises should offer controlled platforms that maintain the ease of use while ensuring data governance and compliance. Platforms like Qovery provide a solution by allowing apps to be built and deployed within a company's own secure infrastructure, offering enterprise-grade governance with features like SSO, network isolation, and comprehensive audit trails, ensuring that business innovation can continue without compromising security.
May 13, 2026
1,360 words in the original blog post.
AI coding tools have transformed engineers into highly efficient developers, significantly accelerating the code production rate but creating bottlenecks in CI/CD pipelines, which were originally designed for slower, human-paced development. This shift has led to increased pressure on build systems and deployment infrastructures, necessitating the coexistence of two deployment paths: a fast, agent-driven "prompt-to-deploy" for experimentation and a traditional "git-push-to-deploy" for production, both of which need to be policy-gated and audited on the same platform. Qovery addresses this challenge by offering a dual-path model that accommodates both deployment speeds, enabling teams to manage rapid deployment cycles without compromising production safety and audit trails. This solution allows developers to experiment and iterate quickly while maintaining rigorous control over production environments, thereby ensuring that the infrastructure remains efficient and cost-effective.
May 13, 2026
1,428 words in the original blog post.
AI coding agents like Claude Code, Codex, and Cursor pose significant security risks when run on developer machines due to their access to sensitive credentials and lack of network isolation or audit trails. These agents can execute commands and access any system the developer can reach, leading to potential security breaches. Various sandboxing methods such as local Docker containers, Daytona, and E2B provide isolated environments but come with limitations like lack of production deployment capabilities and centralized governance. Qovery offers a comprehensive solution by enabling sandbox-to-production governance through Kubernetes-based environments, allowing enterprises to securely manage, deploy, and scale AI agents from development to production with features like scoped secrets, network isolation, and a full audit trail. This approach is especially beneficial for enterprise teams whose AI agents require production-level capabilities and compliance with regulatory standards like SOC 2, HIPAA, or GDPR.
May 13, 2026
1,517 words in the original blog post.
AI coding tools like Claude Code have revolutionized software development by significantly reducing the time and friction in writing code, but deploying that code remains a bottleneck due to the need for managing infrastructure components such as Dockerfiles, CI/CD pipelines, and Kubernetes manifests. Qovery Skill addresses this challenge by enabling AI agents to deploy applications seamlessly through enterprise-grade governance, ensuring every action is scoped, audited, and policy-checked. This integration allows developers to go from idea to production using a single prompt without delving into complex infrastructure management, while platform teams maintain control through robust RBAC and compliance features. Although this capability accelerates deployment, it underscores the need for stringent guardrails to prevent potential security risks associated with AI-driven deployments.
May 02, 2026
1,482 words in the original blog post.
AI coding tools have emerged as a significant component of Shadow IT, posing risks that extend beyond previous waves of unsanctioned technology use due to their broad OAuth access and ability to execute code. These tools, exemplified by platforms like Claude Code and Copilot, can inadvertently grant unauthorized access to critical infrastructure, as demonstrated by incidents like the Vercel breach and the rapid deletion of databases by AI agents. Rather than banning these tools, the solution lies in integrating them into a governed platform that enforces strict policies, audits actions, and ensures environment separation to mitigate risks. This approach, advocated by platforms like Qovery, emphasizes the importance of adapting security strategies to accommodate the evolving nature of Shadow IT, ensuring that productivity enhancements do not compromise security.
May 01, 2026
1,513 words in the original blog post.