Software development | Technology Tales

Vibe Coding, AI App Builders and the Changing Shape of Software Creation

28^th May 2026

A distinct cluster of digital tools has been forming around software creation, and it does not fit especially neatly into older categories. Some of these products began as developer infrastructure, some as online coding environments, and some as AI-powered builders for people with little or no conventional programming background. Increasingly, though, they are converging around a shared promise: describe what you want in ordinary language, let the system generate much of the software, and refine the result through an iterative back-and-forth.

That convergence is why platforms such as Vercel, v0, Replit, Bolt.new and Lovable are often mentioned together even though they did not begin in the same place. In older taxonomies, one might have sat under hosting, another under browser-based coding and another under no-code or low-code creation. With AI now sitting closer to the centre of each experience, the boundaries are less tidy, and what emerges instead is a broader ecosystem of AI-assisted application creation, one that affects how software is built, who can build it and what people mean when they talk about coding in the first place.

The Term That Named the Movement

Before examining the individual platforms, it is worth understanding where the phrase "vibe coding" came from, since it now frames so much of the conversation around these tools. The term was coined by AI researcher Andrej Karpathy in a post on X (formerly Twitter) on 2^nd February 2025. He described it as a style of building where you fully give in to the process, embrace rapid iteration and let the AI handle the details of implementation, to the point of forgetting that code even exists underneath. The phrase spread rapidly, and by the end of 2025, Collins Dictionary had named it their Word of the Year for 2025, a recognition of just how thoroughly the idea had entered mainstream discourse.

Karpathy's framing was originally casual and deliberate in its provocation. He was describing the experience of using large language models to build hobby projects by intent and iteration rather than by carefully planned, line-by-line implementation. The term has since broadened considerably, and in some engineering circles it has taken on more cautious connotations when applied to production systems. Even so, it remains the most widely understood shorthand for this style of prompt-driven development, and it shapes how the platforms below are discussed and marketed.

Vercel and Next.js

At one end of this landscape sits Vercel, which still fits most cleanly under software development tools enhanced by AI. Its core identity remains tied to deployment, hosting and developer workflow tooling rather than to frontier model development or general-purpose AI assistance. Next.js, the popular full-stack React framework, is maintained by Vercel, and many modern AI web applications are built with it and deployed on the Vercel platform. This overlap with companies such as OpenAI, Anthropic and Replicate helps explain why Vercel can appear closer to the AI conversation than a traditional hosting platform might once have done.

Even so, Vercel is not best understood as an AI assistant or a research platform in its own right. It remains primarily infrastructure and deployment, with growing AI-related features around the edges. The company promotes AI SDKs and tooling for building chatbots and AI interfaces, but that still serves the broader purpose of helping teams develop and ship applications, rather than replacing that process with a standalone AI service.

v0 by Vercel

The picture changes when v0 enters the discussion, and it began as a form of generative UI, focused on AI-generated React and Next.js interfaces and on rapid frontend prototyping. In that earlier form, it looked like a useful but relatively bounded addition to Vercel's existing developer ecosystem. The product launched in beta in October 2023, and by January 2026 it had rebranded from v0.dev to v0.app, with over six million developers using the platform by that point. More recently, it has evolved into something broader, including full-stack app generation, website generation, agentic coding workflows, GitHub integration, deployment automation and increasingly autonomous software development.

That makes the Vercel ecosystem easier to understand when its parts are considered separately. Vercel handles hosting, deployment and infrastructure, while Next.js is the web framework that underpins much of the work produced there, and v0 sits on top of both as the AI-driven generation layer where interfaces, applications and workflows can increasingly be created from natural-language prompts. Seen this way, it becomes clearer why people now mention Vercel not only alongside hosting platforms such as Netlify or Cloudflare Pages, but also alongside browser-based tools such as Lovable, Replit and Bolt.new. v0 has moved into the same general current as vibe coding, where natural-language intent drives substantial code generation and rapid iteration. A significant rebuild in February 2026, framed by Vercel itself as tackling the gap between prototype and production, added enterprise-grade security controls and tighter integration with existing codebases, an acknowledgement that the earlier version's generated code, while popular, was often unsuitable for real deployment without considerable rework.

Replit

Replit occupies a more ambiguous but equally revealing position. It is an online programming and app development platform that runs entirely in the browser, and that basic fact explains much of its appeal. Traditional local development often requires installing languages, configuring environments, managing dependencies and arranging deployment separately. Replit reduces much of that friction by allowing someone to open a browser tab, create a project and start coding immediately. The platform supports over 50 programming languages, with Python and JavaScript among the most widely used, and also covers TypeScript, C, C++, Go, Rust, Java and PHP, among many others.

In its earlier form, Replit was widely understood as an educational coding environment and a convenient cloud-based place to experiment with code. It was founded in 2016 by Amjad Masad with the stated aim of making programming as accessible as Google Docs. Over time, it grew into something closer to a cloud development platform, and more recently AI-assisted software development has become central to its public identity. Where it once offered a blank editor in the browser, it now guides users from a plain-English description of an app through generated starter code, interactive refinement and on to hosting, all without leaving the platform. AI code completion, debugging assistance and automated environment setup are part of that journey, as are agent-like workflows capable of building or modifying entire projects.

An All-in-One Character

That all-in-one character is what makes Replit distinct. Rather than asking a developer to stitch together a separate editor, runtime, host and collaboration tool, it folds all of those functions into a single browser-based environment, with AI coding assistance built in throughout. It overlaps in part with GitHub Codespaces, CodeSandbox and Lovable among browser-based environments, yet it differs from each in emphasis. Compared with Vercel, Replit feels much closer to an AI-native development environment than to deployment infrastructure, and compared with a conventional online editor, it pushes further towards autonomous generation and guided building.

That quality is important because Replit is often described in terms such as vibe coding platform, AI-native IDE or browser-based autonomous coding environment. Those descriptions point to a shift in the role of the developer. Rather than beginning with a blank file and writing everything line by line, a user may instead begin with a description, inspect what appears, correct it and continue in conversation with the system. The coding has not disappeared, but the interface to coding has changed significantly. The degree of autonomy that makes this possible also carries risk, as demonstrated in July 2025 when Replit's AI agent deleted the entire production database of SaaStr, a community for software business founders, during a test run, having ignored explicit instructions to freeze code changes, and subsequently attempted to conceal the damage by generating thousands of fake records. Replit's CEO apologised publicly, and the company introduced additional safeguards, but the incident drew widespread attention to the question of how much autonomous action is safe to delegate to an AI agent operating on live systems.

Bolt.new

Bolt.new pushes further along that spectrum, but arrives there from an unusual direction. Where Replit's move towards AI-assisted creation was a gradual evolution of an existing development platform, Bolt.new was built from the outset around a proprietary technology called WebContainers, developed by its parent company StackBlitz over the course of several years. StackBlitz was founded in 2017 by Eric Simons and Albert Pai with the aim of moving web development entirely into the browser, and WebContainers is the fruit of that work: a micro-operating system that runs Node.js and related tooling natively inside a browser tab using WebAssembly, with no remote server involved. When Bolt.new launched in October 2024, it combined that runtime with large language model code generation, and the result was something that could not only write code in response to a prompt but immediately execute it in the same environment and verify the output before the user had noticed a problem.

That feedback loop is what distinguishes Bolt.new most sharply from tools that generate code and hand it back for the user to run elsewhere. Because the code executes locally in the browser as it is produced, Bolt.new can catch errors, attempt fixes and iterate without the round-trip delay of cloud-based environments. The product launched initially using Anthropic's Claude 3.5 Sonnet as its underlying model, and StackBlitz became an official Anthropic partner in June 2025, opening access to the full range of Claude models. The growth that followed the October 2024 launch was striking: the product went from zero to four million dollars in annualised recurring revenue within its first thirty days, and reached forty million dollars ARR within five months, a trajectory that drew comparisons to the early growth of ChatGPT.

The platform has continued to develop since that launch. A significant update released in October 2025 added Bolt Cloud, bringing built-in databases, authentication, file storage and hosting to a product that had previously relied on external services such as Netlify and Supabase for those functions. Integrations with Stripe for payments, Figma for design import and GitHub for version control are also available, and the platform accepts inputs as text, images and Figma files as well as plain prompts. It exposes the code it generates, allows direct editing inside a browser IDE and gives users enough visibility to understand what has been built, which keeps it closer to the developer end of the spectrum than what comes next.

Lovable

Lovable sits the furthest along that spectrum. It is an AI-powered app builder that focuses more strongly on natural-language software creation than either Replit or Bolt.new does. Where those platforms still feel recognisably like coding environments, giving users access to the code being produced and expecting some degree of technical engagement, Lovable comes across more as an AI product generator. The central idea is not so much to provide a development environment with AI assistance as to let a person describe the application they want and have the system build a substantial first version on their behalf.

In practical terms, that means users can enter prompts such as a request for a travel blog with dark mode, a dashboard for train delays or a booking system for hiking tours. Lovable then generates frontend UI, layouts, components, database structure and often backend integrations. It started life as GPT Engineer, an open-source project, before launching commercially as Lovable in November 2024. In December 2025, it closed a $330 million Series B round at a $6.6 billion valuation, with enterprise customers including Klarna, Uber and Zendesk. This orientation makes it especially relevant for rapid prototyping and attractive to founders, designers, hobbyists and other non-traditional developers.

For that reason, Lovable belongs more naturally in conversations about agentic AI options than in discussions of conventional software development platforms. It is not a frontier model provider, a research tool or a traditional developer platform in the older sense. Instead, it forms part of a wider movement towards AI-generated applications, low-code and no-code tooling and what might be called software by conversation. The trade-off that comes with that approach became visible in April 2026, when a security researcher disclosed a broken access control vulnerability that had allowed unauthorised users to read the source code, database credentials and AI chat history of projects created before November 2025. Employees from major technology companies were among those with affected accounts, and the flaw had been reported to Lovable 48 days before it was made public. The incident underlined that the speed and abstraction that make these tools attractive do not remove the need for the security discipline that production software has always required.

Overlapping but Not Interchangeable

Taken together, these platforms show that the old boundaries between infrastructure, coding environments and app generators are becoming less stable. Each of them has moved, to varying degrees, in the same direction: towards natural-language input, generated output and a reduced expectation that the person building software will write every line of it themselves. The overlap among them is not accidental, and the fact that a hosting company, a browser IDE and an AI app builder are now discussed in the same breath reflects a broader shift in what software tooling is understood to be.

For readers trying to make sense of the current landscape, the simplest framing may be that these are AI-native or AI-assisted software development platforms arranged along a spectrum from infrastructure to conversation. At one end, Vercel and v0 together span the distance from deployment layer to AI-led generation, with the latter having pulled the whole ecosystem into a discussion it would not have joined a few years ago. Replit and Bolt.new occupy the middle ground, both giving users visibility into the code being produced, but Replit through the depth and flexibility of a full development environment and Bolt.new through the speed and self-contained nature of its browser-native runtime. At the far end, Lovable treats generation as its starting point rather than a feature layered onto something else, and makes the least demand on the person building to understand what is happening underneath.

Accessibility, Complexity and the Limits of Generation

This shift has implications beyond product positioning. One of the most obvious is accessibility. Tools that can generate starter applications, configure environments and handle deployment lower some of the barriers that previously kept software creation inside narrower technical circles. A person who would once have been stopped by installation issues, tooling complexity or lack of confidence with syntax may now get much further, though that does not mean expertise has become irrelevant; it means only that the route into creating software has changed and, in some cases, widened.

The harder question is what happens when those generated applications are expected to do something more than demonstrate a concept. The gap between a working prototype and a production system has always existed, but vibe coding has sharpened the surrounding debate considerably. In a December 2025 controlled study by security firm Tenzai, fifteen identical web applications were built using five AI coding agents, and the findings were pointed: across all fifteen applications, not one had CSRF protection and not one set standard security headers. Every application that included a URL-handling feature introduced a server-side request forgery vulnerability. Separately, research from 2025 found that AI-assisted code commits introduced hardcoded credentials at roughly twice the rate of human-only code, a pattern that has contributed to a significant rise in leaked API keys and secrets in public repositories.

Security is the sharpest edge of the criticism, but it is not the only one. Studies of AI-generated codebases have found that technical debt accumulates substantially faster than in traditionally engineered software, and that the absence of consistent architectural decisions, which a human team would establish and revisit over time, makes codebases harder to extend and maintain as they grow. An AI model has no memory of the patterns agreed upon in a previous session, and the context window has limits on how much of a large codebase it can hold in view at once. The result, as the software grows, can be inconsistency that is expensive to untangle. An August 2025 survey of eighteen CTOs by Final Round AI found that sixteen had experienced production problems they attributed directly to AI-generated code, and the consistent concern was not that AI tools were useless but that teams were using them without the engineering oversight that production software demands.

There is also a subtler, longer-term concern about the pipeline of people with the skills to address these problems. LeadDev's AI Impact Report 2025 found that 54% of engineering leaders expected junior developer hiring to decrease as a direct result of AI coding tools. The difficulty is that debugging, code review and architectural reasoning are skills that developers have traditionally built precisely by doing the lower-level work that AI is now absorbing. If fewer people develop those skills, the question of who fixes the AI-generated problems at scale becomes harder to answer. That tension helps explain why this area deserves to be treated as a topic in its own right, rather than squeezed into pre-existing categories. These platforms are reshaping the workflow of application creation itself, and the full consequences of that reshaping, for security, maintainability and the development of engineering skill, are still working themselves out.

What the Shift in Software Creation Actually Means

As this approach continues to develop, the most useful way to understand it may be not through rigid labels but through the changing relationship between people, code and tools. Software creation is becoming less linear and more conversational, and the path from idea to prototype is shortening. The distinction between writing code, directing a system to write code and assembling generated parts is becoming less clear. The vibe coding idea, coined in a single social media post in early 2025 and quickly adopted as a word of the year, has given this moment a name that captures both its appeal and its informality. Whether these platforms collectively represent a temporary shift in tooling or something more fundamental about who gets to build software will become clearer only as the generation of applications they enable moves from demonstration into sustained, real-world use.

From planning to production: Selected aspects of modern software delivery

9^th March 2026

Software delivery has never been more interlinked across strategy, planning and operations. Agile practices are adapting to hybrid work, AI is reshaping how teams plan and execute, and cloud platforms have become the default substrate for everything from build pipelines to runtime security. What follows traces a practical route through that terrain, drawing together current guidance, tools and community efforts so teams can make informed choices without having to assemble the big picture for themselves.

Work Management: Asana and Jira

Planning and coordination remain the foundation of any delivery effort, and the market still gravitates to two names for day-to-day project management: Asana and Jira. Each can bring order to multi-team projects and distributed work, yet they approach the job from very different histories.

With a history rooted in large DevOps teams and issue tracking, Jira carries that lineage into its Scrum and Kanban options, backlogs, sprints and a reporting catalogue that leans into metrics such as time in status, resolution percentages and created-versus-resolved trends. Built as a more general project manager from the outset, Asana shows its intent in the way users move from a decluttered home screen to “My Tasks”, switch among Kanban, Gantt and Calendar views using tabs, and add custom fields or rules from within the view rather than navigating to separate screens. The two now look similar at a glance, but their structure and presentation differ, and that influences how quickly a team settles into a rhythm.

Dashboards and Reporting

Those differences widen when examining dashboards and reporting. Jira allows users to create multiple dashboards and fill them with a large range of gadgets, including assigned issues, average time in status, bubble charts, heat maps and slideshows. The designs are sparse yet flexible, and administrators on company-managed accounts can add custom reporting, while the Atlassian Marketplace offers hundreds of additional reporting integrations.

By contrast, the home dashboard in Asana is intentionally pared back, with reports placed in their own section to keep personal task management separate from project or portfolio-level tracking. Its native reporting is broader and more polished out of the box, with pre-built views for progress, work health and resourcing, together with custom report creation that does not require admin-level access.

Interoperability

How well each tool connects to other systems also sets expectations. Jira, as part of Atlassian's suite, has a bustling marketplace with over a thousand apps for its cloud product, covering project management, IT service management, reporting and more. Asana's store is smaller, with under 400 apps at the time of writing, though it continues to grow and offers breadth across staples such as Slack, Teams and Adobe Creative Cloud, as well as a strong showing for IT and developer use cases.

Both tools connect to Zapier, which has also published a detailed comparison of the two platforms, opening pathways to thousands of further automations, such as creating Jira issues from Typeform submissions or making Asana tasks from Airtable records without writing integration code. In practice, many teams will get what they need natively and then extend in targeted ways, whether through marketplace add-ons or workflow automations.

Plans and AI

Plans and AI are where the most significant recent movement has occurred. On the Asana side, a free Personal tier leads into paid Starter and Advanced plans followed by Enterprise, with AI tools (branded "Asana Intelligence") included across paid plans. Those features help prioritise work, automate repetitive steps, suggest smart workflows and summarise discussions to reduce time spent on status communication.

Over at Jira, the structure runs from a free tier for small teams through Standard, Premium and Enterprise plans. "Atlassian Intelligence" focuses on generative support in the issue editor, AI summaries and AI-assisted sprint planning, adding predictive insights to help with resource allocation and automation. It is worth noting that Jira's entry-level paid plan appears cheaper on paper, but real-world total cost of ownership often rises once Marketplace apps, Confluence licences and security add-ons are factored in.

Choosing between the two typically comes down to need. If you want a task manager built for general use with crisp reporting and strong collaboration features, Asana presents itself clearly. If your roadmap lives and breathes Agile sprints, backlogs and issue workflows, and you need deep extensibility across a suite, Jira remains a natural fit.

Scrum: Back to Basics

Method matters as much as tooling. Scrum remains the most widely adopted Agile framework, and it is worth revisiting its essentials when translating plans into delivery. The DevOps Institute tracks the human side of this evolution, noting that skills, learning and collaboration are as central to DevOps success as the toolchain itself. A Scrum Team is cross-functional and self-organising, combining the Product Owner's focus on prioritising a transparent, value-ordered Product Backlog with a Development Team that turns backlog items into a potentially shippable increment every Sprint.

The Scrum Master keeps the framework alive, removes impediments, and coaches both the team and the wider organisation. Sprints run for no longer than four weeks and bundle Sprint Planning, Daily Scrums, a Sprint Review and a Retrospective, with online whiteboards increasingly used to run those ceremonies effectively across distributed and hybrid teams. The Sprint Goal provides a unifying target, and the Sprint Backlog breaks selected Product Backlog items into tasks and steps owned by the team.

Scrum Versus Waterfall

That cadence stands in deliberate contrast to classic waterfall approaches, where specification, design, implementation, testing and deployment proceed in long phases with significant hand-offs between each. Scrum replaces upfront specifications with user stories and collaborative refinement using the "three Cs" of Card, Conversation and Confirmation, so requirements can evolve alongside market needs. It places self-organisation ahead of management directives in deciding how work is done within a Sprint, and it raises transparency by making progress and problems visible every day rather than at phase gates.

Teams feel the shift when they commit to delivering a working increment each Sprint rather than aiming for a distant release, and when they see the cost of change flatten because feedback arrives through Reviews and Retrospectives rather than months after decisions have been made.

The State of Agile

Richer context for these shifts appears in longitudinal views of industry practice. The 18th State of Agile Report, published by Digital.ai in late 2025, observes that Agile is adapting rather than fading, with adoption remaining widespread while many organisations rebuild from the ground up to focus on measurable outcomes. The report, drawing on responses from approximately 350 practitioners, notes that AI and automation are accelerating change while introducing fresh expectations around data quality, decision-making and governance, and it emphasises that outcomes have become the currency connecting strategy, planning and execution.

That aligns with the Agile Alliance's ongoing work to re-examine Agile's core values for enterprise settings, as well as with the joint Manifesto for Enterprise Agility initiative with PMI{:target="_blank"}, which argues for adaptability as a strategic advantage rather than a team-level method choice. Significantly, the 18th report found that only 13% of respondents say Agile is deeply embedded across their business, and that only 15% of business leaders participate meaningfully in Agile practices, suggesting that leadership alignment remains one of the most persistent blockers to realising the framework's full potential.

Continuous Delivery and CI/CD Tooling

Getting from plan to production relies on engineering foundations that have matured alongside Agile. Continuous Delivery reframes deployment as a safe, rapid and sustainable capability by keeping code in a deployable state and eliminating the traditional post-"dev complete" phases of integration, testing and hardening. By building deployment pipelines that automate build, environment provisioning and regression testing, teams reduce risk, shorten lead time and can redirect human effort towards exploratory, usability, performance and security testing throughout delivery, not just at the end.

The results can be counterintuitive. High-performing teams deploy more frequently and more reliably, even in regulated settings because painful activities are made routine and small batches make feedback economical.

CI/CD in Practice

Contemporary CI/CD tools express that philosophy in developer-centred ways. Travis CI can often be described in minutes using minimal YAML configuration, specifying runtimes, caching dependencies, parallelising jobs and running tests across multiple language versions. Azure Pipelines, GitHub Actions and Azure DevOps provide similar capabilities at broader scale, with managed runners, gated releases, integrated artefact feeds, security scanning and policy controls that matter in larger enterprises.

The emphasis across these platforms is on speed to first pipeline, consistency across environments and adding guardrails such as signed artefacts, scoped credentials and secret management, so that velocity does not undercut safety.

Cloud Native Architecture

Architecture and platform choices amplify or constrain delivery flow. The cloud native ecosystem, curated by the Cloud Native Computing Foundation (CNCF) under the Linux Foundation, has become the common bedrock for organisations standardising on Kubernetes, service meshes and observability stacks. Hosting more than 200 projects across sandbox, incubating and graduated maturity levels, it spans everything from container orchestration to policy and tracing, and brings together vendors, end users and maintainers at events such as KubeCon + CloudNativeCon.

Sitting higher up the stack, Knative is a recent CNCF graduate that provides building blocks for HTTP-first, event-driven serverless workloads on Kubernetes. It unifies serving and eventing, so teams can scale to zero on demand while routing asynchronous events with the same fluency as web requests, and was created at Google before joining the CNCF as an incubating project and subsequently reaching graduation status. For teams that need to manage the underlying cluster infrastructure declaratively, Cluster API provides a Kubernetes-native way to provision, upgrade and operate clusters across cloud and on-premises environments, bringing the same declarative model used for application workloads to the infrastructure layer itself.

APIs and Developer Ecosystems

API-driven integration is part of the cloud native picture rather than an afterthought. The API Landscape compiled by Apidays shows the sheer diversity of stakeholders and tools across the programmable economy, from design and testing to gateways, security and orchestration. Developer ecosystems such as Cisco DevNet bring this to ground level by offering documentation, labs, sample code and sandboxes across networking, security and collaboration products, encouraging infrastructure as code with tools like Terraform and Ansible.

Version control and collaboration sit at the centre of modern delivery, and GitHub's documentation, spanning everything from Codespaces to REST and GraphQL APIs, reflects that centrality. The breadth of what is available through a single platform, from repository management to CI/CD workflows and AI-assisted coding, illustrates how much of the delivery stack can now be coordinated in one place.

Security: An End-to-End Discipline

Security threads through every layer and is increasingly treated as an end-to-end discipline rather than a late-stage gate. The Open-Source Security Foundation (OpenSSF) coordinates community efforts to secure open-source software for the public good, spanning working groups on AI and machine learning security, supply chain integrity and vulnerability disclosure, and offering guides, courses and annual reviews.

On the cloud side, a Cloud-Native Application Protection Platform (CNAPP) consolidates capabilities to protect applications across multi-cloud estates. Core components typically include Cloud Infrastructure Entitlement Management (to rein in excessive permissions), Kubernetes Security Posture Management (to maintain container orchestration best practices and flag misconfigurations), Data Security Posture Management (to classify and monitor sensitive data) and Cloud Detection and Response (to automate threat response and connect to security orchestration platforms).

Increasingly, AI-driven Security Posture Management sits across these layers to spot anomalies and predict risks from historical patterns, though this brings its own challenges around false positives and model bias that require careful adoption planning. Vendors such as Check Point offer CNAPP products including CloudGuard with unified management and compliance automation. While such examples illustrate what is available commercially, it is the architecture and functions described above that define the category itself.

Site Reliability Engineering

Reliability is not left to chance in well-run organisations. Site Reliability Engineering (SRE), pioneered and documented by Google, treats operations as a software problem and asks SRE's to protect, provide for and progress the systems that underpin user-facing services. The remit ranges from disk I/O considerations to continental-scale capacity planning, with a constant focus on availability, latency, performance and efficiency.

Error budgets, automation, toil reduction and blameless post-mortems become part of the vocabulary for teams that want to move fast without eroding trust. The approach complements Continuous Delivery by turning operational quality into something measurable and improvable, rather than a set of aspirations.

Code Quality, Testing and Documentation

For all the automation and platform power now available, the basics of code quality and testing still count. The Twelve-Factor App methodology remains relevant in encouraging declarative automation, clean contracts with the operating system, strict separation of build and run stages, stateless processes, externalised configuration, dev-prod parity and treating logs as event streams rather than files to be managed. It was first presented by developers at Heroku and continues to inform how teams design applications for cloud environments.

Documentation practices have also evolved, from literate programming's argument that source should be written as human-readable text with code woven through, to modern API documentation standards that keep codebases easier to change and onboard. General-purpose resources such as the long-running Software QA and Testing FAQ remind teams that verification and validation are distinct activities, that a spectrum of testing types is available and that common delivery problems have known countermeasures when documentation, estimation and test design are taken seriously.

AI in Software Delivery

No survey of modern software delivery can sidestep artificial intelligence. Adoption is now near-universal: the 2025 DORA State of AI-Assisted Software Development report, drawing on responses from almost 5,000 technology professionals worldwide, found that around 90% of developers now use AI as part of their daily work, with the median respondent spending roughly two hours per day interacting with AI tools. More than 80% report feeling more productive as a result. The picture is not straightforward, however. The same research found that AI adoption correlates with higher delivery instability, more change failures and longer cycle times for resolving issues because the acceleration AI brings upstream tends to expose bottlenecks in testing, code review and quality assurance that were previously hidden.

The report's central conclusion is that AI functions as an amplifier rather than a remedy. Strong teams with solid engineering foundations use it to accelerate further, while teams carrying technical debt or process dysfunction find those problems magnified rather than resolved. This means the strategic question is not simply which AI tools to adopt, but whether the underlying platform, workflow and culture are ready to benefit from them. The DORA AI Capabilities Model, published as a companion guide, identifies seven foundational practices that consistently improve AI outcomes, including a clear organisational stance on AI use, healthy data ecosystems, working in small batches and a user-centric focus. Teams without that last ingredient, the report warns, can actually see performance worsen after adopting AI.

At the tooling level, the landscape has moved quickly. Coding assistants such as GitHub Copilot have gone from novelty to standard practice in many engineering organisations, with newer entrants including Cursor, Windsurf and agentic tools like Claude Code pushing the category further. The shift from "copilot" to "agent" is significant: where earlier tools suggested completions as a developer typed, agentic systems accept a goal and execute a multistep plan to reach it, handling scaffolding, test generation, documentation and deployment checks with far less human intervention. That brings real efficiency gains and also new governance questions around traceability, code provenance and the trust that teams place in AI-generated output. Around 30% of DORA respondents reported little or no trust in code produced by AI, a figure that points to where the next wave of tooling and practice will need to focus.

Putting It Together

Translating all of this into practice looks different in every organisation, yet certain patterns recur. Teams choose a work management tool that matches the shape of their portfolio and the degree of Agile structure they need, whether that is Asana's lighter-weight task management with strong reporting or Jira's DevOps-aligned issue and sprint workflows with deep extensibility, then align on a Scrum-like cadence if iteration and feedback are priorities, or adopt hybrid approaches that sustain visibility while staying compatible with regulatory or vendor constraints.

Build, test and release are automated early so that pipelines, not people, become the route to production, and cloud native platforms keep environments reproducible and scalable across teams and geographies. Instrumentation ensures that security posture, reliability and cost are visible and managed continuously rather than episodically, and deliberate investment in engineering foundations, small batches, fast feedback and strong platform quality, creates the conditions that the evidence now shows are prerequisites for AI to deliver on its promise rather than amplify existing dysfunction.

If anything remains uncertain, it is often the sequencing rather than the destination. Few organisations can refit planning tools, delivery pipelines, platform architecture and security models all at once, and there is no definitive order that works everywhere. Starting where friction is highest and then iterating tends to be more durable than a one-shot transformation, and most of the resources cited here assume that change will be continuous rather than staged. Agile communities, cloud native foundations and security collaboratives exist because no single team has all the answers, and that may be the most practical lesson of all.