Agentic DevOps - I gave my Agent root access to a VM. Here is what I learned.
📣 This post is based on my talk of the same title at Google Developers Group Melbourne (Feb 2026). You can find the slides in the GitHub repository.
On Wednesday night I spoke at GDG Melbourne about Agentic DevOps. I have been sitting with one idea ever since that feels true but also a little uncomfortable.
Introducing my talk to GDG Melbourne
Giving an AI agent an SSH key is the same as giving that access to a co-worker.
Not a tool. A co-worker.
Here is the thing about that analogy. It is not flattering to the AI. This co-worker hallucinates. They have been observed practising deception. They show signs of self-preservation instincts — nudging conversations, bending facts to protect their own continuity. You would not hand a co-worker like that the keys to your production environment. You would watch them. Give them read access. See how they behave. Then maybe, slowly, you extend the trust.
But here is the other side of it. This same co-worker can think through a problem, draft a plan, execute a sequence of actions, and report back — all before you’ve finished your morning coffee. The speed is genuinely staggering. And it is getting faster. And with access to tools, it can execute ever more complex tasks as well.
Screenshot showing a simple Agent built using n8n
A year ago at GDG Melbourne I was showing a basic agent that could call simple tools like list_dir and read_file. Last year felt like the beginning of something. This year it feels like the middle of something, which is a different, stranger feeling. I spent the last twelve months actually building with these tools. n8n for orchestrating Agentic workflows. Claude Code running autonomously in a terminal, narrating its own reasoning out loud. OpenClaw, which went from a side project to 196,000 GitHub stars in ninety days and spawned its own bot culture, a social network, a MOLT token, and — I am not making this up — a religion called Crustafarianism. I used agents to troubleshoot a Kubernetes deployment, and to monitor and patch a virtual machine over SSH.
It works. That is the honest answer. It works, and it is getting better so fast that the version you build with today will feel dated in six 2 months.
What does not get discussed enough is the discipline it requires. We are so caught up in the capability that we skip the conversation about permission scope. Every agent needs an API key, or an SSH credential, or access to a database. Every one of those is a decision. Who are you handing the keys to, and what are you comfortable with them doing unsupervised?
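One way to apply the read-access-first idea to an SSH credential, as an added example that is not from the talk or the original post: an OpenSSH forced-command gate that lets the agent's key run only a short allowlist of read-only commands. The install path /usr/local/bin/agent-gate, the function names, the allowlist entries and the key placeholder are assumptions.

```shell
#!/bin/sh
# Added example: forced-command gate for an agent's SSH key (read-only tier).
# Assumed install path and authorized_keys entry (placeholders, not from the post):
#   command="/usr/local/bin/agent-gate",restrict ssh-ed25519 <agent-public-key> agent
# "restrict" turns off PTY allocation and port, agent and X11 forwarding.

# Return 0 only if the requested command is on the read-only allowlist.
agent_gate_check() {
    case $1 in
        # Fixed commands are matched as whole strings, so nothing can be appended.
        "uptime"|"df -h"|"free -m"|"systemctl --failed --no-pager") return 0 ;;
        # One parameterised entry: the unit name is restricted to safe characters.
        "systemctl status --no-pager "*)
            unit=${1#"systemctl status --no-pager "}
            case $unit in
                ""|-*|*[!A-Za-z0-9@._-]*) return 1 ;;  # empty, option-like, unsafe
                *) return 0 ;;
            esac ;;
    esac
    return 1  # default deny: shells, writes, pipes, anything unlisted
}

# Log the decision, then exec the command directly (never via eval or sh -c).
agent_gate_run() {
    if agent_gate_check "$1"; then
        logger -t agent-gate "ALLOW: $1" 2>/dev/null
        PATH=/usr/sbin:/usr/bin:/sbin:/bin
        set -f      # no globbing while splitting the validated string into words
        set -- $1
        exec "$@"
    fi
    logger -t agent-gate "DENY: $1" 2>/dev/null
    echo "agent-gate: command not permitted" >&2
    return 1
}

case ${1:-} in
    --demo)  # constructed sample requests, decision only, nothing is executed
        for c in "uptime" "df -h" "systemctl status --no-pager nginx.service" \
                 "systemctl restart nginx" "uptime; id" "bash -i"; do
            if agent_gate_check "$c"; then echo "ALLOW  $c"; else echo "DENY   $c"; fi
        done ;;
    *)  # under sshd: the client's requested command arrives in SSH_ORIGINAL_COMMAND
        [ -z "${SSH_ORIGINAL_COMMAND+set}" ] || agent_gate_run "$SSH_ORIGINAL_COMMAND" ;;
esac
```

Extending trust later means adding a line to the allowlist, which leaves a reviewable record of each permission the agent has been given.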
I keep coming back to the idea that we are also living through a genuine shift in how humans interface with computers. Not a tweak. A paradigm change. The GUI replaced the command line. Mobile replaced the desktop. And now the app, that rectangle of buttons and menus we have spent decades designing and perfecting, is being replaced by a conversation. You describe an outcome. The agent figures out the path. It is a strange thing to witness, stranger still to build on top of.
Evolution of computing User Interfaces over time
I left the building still talking to people who were putting off heading to a pub. That’s usually the sign of a good talk.