Ona

London, we can't wait to meet you. #AWSSummit week brings together the people shaping how enterprises build, ship, and secure software, and we've got three reasons to connect with you this week. On Wednesday (tomorrow): We're on Stand S5 all day at AWS Summit London. Bring your hardest questions. We're here to listen, demo, and get into the detail with you. A few starting points for a chat, but there's plenty more: → Kernel-level security for coding agents, so platform teams can enforce guardrails in the environment rather than trusting the agent → Claude Code and Codex as first-class frontier agents inside your own VPC, alongside Ona → Overnight migrations at org scale. Java 8 to 17, CVE remediation, tech debt across hundreds of repos On the stand you'll meet: Philipp Pietsch, Janine Shepherd, Karthik Shetty, George Morcos, Natacha Charton, 🚀 Lou Bichard (creator and author of background-agents.com), Daniel Zäh and Michael Aring. But first today: Matt Boyle is guest-speaking at the Amazon Web Services (AWS) CTO Roundtable on "the transformative impact of agentic AI on enterprise software and cloud transformation." It's a conversation AWS asked us to join, because it's one we've been having with enterprise engineering teams every day for the past year. If you're grappling with what agentic AI looks like in production, this is the room to be in. In the evening, we're excited to be hosting "An Evening with Ona", an intimate invite-only dinner for engineering leaders. A smaller room, a longer conversation, and the kind of honest questions that only get asked once the plates are cleared.

We're building a real product with zero human code in public. Every PR, every line of code, every metric, out in the open. This is Day 1. We'll cover what a software factory actually is, what we're building over the next two weeks, and how we're setting up the harness that lets AI agents run the full software development lifecycle — not just write code. Follow along: → software-factory.dev → x.com/swfactory_dev

JSON is king !

"I'm using agents. My team wants to adopt background agents. Where do we start?" We launched a background agents microsite a few weeks ago. The thing that resonated most was what we called "The false summit". You're running agents. Maybe parallelising them. Starting to think about making them proactive. It feels like you're close to the destination. You're not, but the next question is fair: where do I actually start? That's why we built a hand-curated agent landscape, the specific tools to look at if you're thinking about building background agent infrastructure. 🚀 Lou Bichard does a quick walk through on camera, check out the site to watch the full recording: background-agents. com/landscape

The landscape exists because the #1 question after we launched backgroundagents .com basically came down to: "Where does my team start?" 🚀 Lou Bichard mapped tools across sandboxes, orchestration, security, protocols, and benchmarks to help answer that. Let us know what you think!

We're hiring a Business Development Rep - US (remote) at Ona. As a BDR, you'll be the first point of contact in establishing relationships with prospects in pursuit of making every enterprise a tech company. You'll drive targeted outreach campaigns as part of our ABM strategy to engage prospects, book qualified meetings, and bring insights from the field back to the team to continuously sharpen our strategy. We're looking for someone with deep technical curiosity, exceptional communication skills, and an authentic excitement for agentic development. Come hang with me, Lydia, and Karthik!

Join 🚀 Lou Bichard and Leonardo Di Donato from Ona and Mackenzie Jackson from Aikido Security on March 11th -> What this webinar covers: Your scanner only finds vulnerabilities and bumps versions, but AI software engineers raise PRs to fix them, autonomously and in the background while you sleep. No organization should be manually remediating CVEs anymore. The attention of your engineers is the most critical resource for AI first organizations. CVE remediation is repetitive toil that can be delegated to AI software engineers working in the background. Your organization likely has a tool to find vulnerabilities such as Snyk, Dependabot, or Wiz. But, to remediate you're wasting hours chasing teams and competing with their backlog. AI software engineers change this equation. With Ona, you can launch a fleet of AI software engineers that can take flagged CVEs and open full working pull requests, not just bumping version numbers. Using their own isolated environment they can iterate on configurations to ensure that all your tests pass. Key takeaways: · Why CVE remediation is an ideal first use case for AI adoption · The infrastructure requirements for agent-based CVE remediation · How fleets allow you to fix CVEs in the background This webinar is for you if: You're a security engineer with an exploding CVE backlog, or an engineering leader with auditors breathing down your neck with hard questions about remediation timelines.

Today we're launching Veto in early access: kernel-level enforcement for every agent running on the Ona platform. Agents reason. That changes security more than most people realize. Leonardo Di Donato ran an experiment where Claude Code bypassed its own denylist and disabled its own sandbox to finish a task. It wasn't told to, it just did. Horizontal security won't work here. You can't layer controls across runtimes you don't own and expect them to hold against something that thinks. We believe that security has to be native to the platform. The runtime, the kernel, the network boundary. Veto identifies binaries by content, not filename. SHA-256 hash at the kernel level. Rename it, copy it, symlink it. It doesn't matter, Veto blocks it. Links to both the announcement post as well as Leo's technical deep dive are in the comments. Veto is available in early access for a set of design partners with strict security requirements. Let us know if you're interested to try it out! Link to the announcement post and technical deep dive is in the comments.

Coding agents didn’t remove the bottleneck. They moved it. The teams actually improving delivery aren’t stopping at coding agents. They’re deploying agents across the entire SDLC. We broke down that shift here: background-agents.com Writing code faster doesn’t fix delivery; it increases pressure downstream. More PRs lead to longer reviews. Faster reviews create testing backlogs. Accelerate testing, and deploys begin to queue. The constraint doesn’t disappear, it just relocates. Optimizing each stage individually doesn’t change system throughput. What does change it is restructuring the system. High-performing teams are running agents across the whole pipeline. Dependency updates run on a schedule and open upgrade PRs automatically across every repo. Incident triage agents gather logs, correlate recent deployments, and post root cause summaries before on-call even begins investigating. Routine maintenance and cross-repo changes happen continuously in the background instead of waiting for someone to initiate them. The goal isn’t faster code generation. It’s faster delivery. That requires treating the SDLC as a system and deploying agents accordingly.

Ona Automations is now generally available: proactive background agents that run in the cloud, pick up engineering work, and deliver merge-ready pull requests. Here's what you can automate today: - Backlog pickup — Ona scans Linear or Jira daily, picks up well-scoped tickets, and opens CI-green PRs by morning - Sentry triage & fix — new issues triaged and resolved before your team starts the day - Codebase cleanup — Knip finds unused dependencies, exports, and files; Ona removes them - CVE remediation — run Snyk or Aikido, resolve findings, rescan until clean And many more use cases we probably haven't even thought of. Here's how Automations work: → Trigger on a schedule, webhook, or PR event → Chain AI prompts with deterministic shell scripts in closed-loop workflows → Every run gets a full cloud dev environment, not a CI container, but the same tooling your engineers use → Ona clones, branches, builds, tests, iterates, and opens a PR across as many repos as you need → Full reporting and audit trail on every execution Start from a template or build your own from scratch. Read the full announcement linked in comments and let us know what you build!