GitLab Duo Agent Platform | AWS Bedrock Multi-Cloud 2026

In the span of seven days, GitLab has made two of the most consequential enterprise AI partnerships in DevSecOps history. On April 14, the company announced a collaboration with Google Cloud that allows its Duo Agent Platform to run inference through Vertex AI, powered by Gemini models. On April 21, GitLab completed the other half of the equation: the same agentic platform now runs natively inside a customer's own Amazon Web Services account via Amazon Bedrock.

The speed of the dual announcement is deliberate. GitLab is signaling to enterprise buyers that its strategy is not to build a captive AI model monopoly. It is positioning the Duo Agent Platform as an orchestration layer, a control plane for AI-powered software development that sits on top of whichever cloud an enterprise has already standardized on.

The practical implication for procurement teams is significant. Companies that have negotiated multi-year AWS enterprise agreements with committed spend thresholds can now direct that existing budget toward GitLab AI agent compute, without signing a single new vendor contract.

The AWS Bedrock integration connects the GitLab AI Gateway directly to a customer's own Bedrock account. From a security architecture standpoint, this matters because the source code and AI prompts used to generate agent output never traverse GitLab's own infrastructure. All inference happens within the customer's private cloud environment, behind their existing VPC security controls and IAM permission boundaries.

Customers can apply the same AWS security guardrails already governing their Bedrock usage, including model access controls, logging to CloudTrail, and content filtering policies, to all GitLab Duo agent traffic. For organizations subject to SOC 2, FedRAMP, or HIPAA requirements, this removes the most common compliance blocker to adopting AI coding tools at scale.

Critically, any credits purchased through the AWS Marketplace count directly toward a company's AWS spend commitments . For enterprises that are already over-committed on cloud spending and looking for ways to absorb their committed dollars, GitLab Duo agents effectively become zero-incremental-cost tooling.

Alongside the AWS announcement, GitLab is retiring the traditional per-seat fee structure for advanced AI agents in favor of a consumption-based system called GitLab Credits.

Each credit costs $1 at list price on an on-demand basis and functions as a shared organizational currency drawn from a pooled budget. Instead of paying $30 per month for a developer seat that may not be actively using AI features, companies are billed per request, spread across the entire team.

Included allowances are tiered by subscription level. Premium users receive $12 in monthly credits per user as part of their plan, while Ultimate users receive $24 per user per month. For most development teams running moderate agentic workloads, the included allowances will cover routine use, with overage consumed from the shared organizational credit pool.

The Duo Agent Platform, which reached General Availability in January 2026, ships three specialized agents, each targeting a distinct pain point in the software delivery lifecycle.

The enterprise security case for the AWS and Google Cloud integrations rests on a single architectural fact: source code never leaves the customer's cloud environment. When GitLab routes agent inference through Amazon Bedrock, the request and response travel entirely within the customer's AWS account. GitLab's own servers never see the code.

Every action an AI agent takes inside the platform is recorded in GitLab's audit log infrastructure. Security teams can query exactly which agent ran, which files it modified, what prompt was used, and what output was produced. For organizations subject to Sarbanes-Oxley (SOX) controls, which require complete audit trails for code changes affecting financial systems, this auditability is a hard requirement, not a preference.

The combination of in-VPC processing and complete audit logging removes the two most commonly cited enterprise objections to AI DevSecOps adoption: data leakage risk and auditability gaps.

The strategic pressure on GitHub is real. GitHub Copilot currently routes all inference through Microsoft Azure OpenAI. Customers have no mechanism to bring their own AWS or Google Cloud model. For enterprises with primary cloud commitments at AWS or GCP, this creates a friction point: adopting GitHub Copilot means paying for AI compute outside their primary cloud contract.

GitLab's dual-cloud BYOM move changes the competitive framing. GitHub Copilot is increasingly positioned as a Microsoft-first tool. GitLab Duo is positioned as infrastructure-agnostic. For large enterprises with heterogeneous cloud environments, that difference is meaningful at the procurement table.

The broader AI developer tools market is simultaneously being reshaped by the Claude Code controversy at Google DeepMind and aggressive talent acquisitions like Meta recruiting seven senior AI researchers from Mira Murati's Thinking Machines Lab. GitLab's multi-cloud push lands in an environment where every major technology company is scrambling to define its AI infrastructure position.

GitLab has not announced a third cloud integration, but the pattern of AWS and Google Cloud shipping within one week of each other strongly suggests a deliberate cadence. Azure is the obvious next target, which would complete the hyperscaler trifecta and close the competitive gap with GitHub Copilot on Microsoft's own infrastructure.

Beyond cloud integrations, the Duo Agent Platform is still early in its development cycle. The three production agents, Planner, Security Analyst, and Pipeline Fixer, cover the most high-value use cases but represent a fraction of the agentic surface area available across the software development lifecycle. Code review agents, documentation agents, and test generation agents are all logical extensions of the existing platform.

For enterprises evaluating their DevSecOps toolchain through the rest of 2026, GitLab has made the evaluation criteria significantly more complex. The question is no longer just feature parity with GitHub. It is whether an organization wants its AI development tools to be deeply integrated with a single cloud ecosystem, or orchestrated by a neutral platform that runs wherever the code lives.