fossabot (New Horizons AI)
Agentic AI that keeps software dependencies current — safely, automatically.
Engineering Manager, Applied AI & SRE · FOSSA · 2024–present
The problem
Modern software runs on hundreds of open-source dependencies, and keeping them current is a thankless, never-ending tax on engineering teams. Updates break builds, introduce behavioral changes, and pile up until a backlog of outdated, vulnerable packages becomes a real security and maintenance liability. Most teams either fall behind or burn senior-engineer time triaging upgrades one at a time.
What I led
I built and led the Applied AI team that created fossabot — an agentic AI product that automates dependency updates and vulnerability remediation directly inside developers' pull-request workflows. I owned the effort from early prototype through public beta: standing up the team from scratch (mission, hiring, mentorship), driving the architecture, and staying hands-on across the stack. In parallel I founded and led the SRE function that stabilized and scaled the production environment, including a migration from kops to managed EKS.
What we built
- An AI agent that opens pull requests, bumps versions, reads CI logs, and verifies impact in a sandbox before recommending a change — so updates are safe, not just automatic.
- Code-aware change & impact detection with a caching layer for faster, cheaper analysis.
- Static-analysis (SAST) checks surfaced as part of the PR review.
- Support across the languages teams actually use — JavaScript/TypeScript, Java, Python, Go, and Ruby.
- Integrations beyond GitHub, including GitLab, to meet enterprises where they already work.
- A dependency-intelligence data layer (GraphQL API, event bus, OpenSearch) powering faster vulnerability data and future agentic capabilities.
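The first bullet is the part that makes an update "safe, not just automatic": the agent applies the bump in isolation, runs the project's tests there, reads the log, and recommends only when the run is green. The sketch below is an added example of that verify-before-recommend gate; it is not fossabot's or FOSSA's code. It assumes a hypothetical agent with functions `classify`, `bump_manifest`, `run_in_sandbox` and `evaluate`, a requirements-style `name==version` manifest, and a stand-in CI command (`FAKE_CI`) that reads the manifest and fails on one constructed version; the package names `acme-http` and `acme-json` and the "advisory" flag are likewise constructed.

```python
"""Verify-before-recommend gate for an automated dependency bump.

Added illustration, not fossabot's or FOSSA's code. It assumes a hypothetical
agent loop: classify the bump by semver distance, apply it to a throwaway copy
of the manifest, run the project's test command there with a timeout, read the
log, and recommend only when the run is green (a major bump additionally needs
an advisory behind it to be recommended without a human). The manifest format,
package names and the stand-in CI command are all constructed.
"""
import re
import subprocess
import sys
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

SEMVER = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


@dataclass
class Bump:
    package: str
    current: str
    target: str


@dataclass
class Verdict:
    recommend: bool
    risk: str                      # "patch", "minor" or "major"
    reason: str
    log_tail: list = field(default_factory=list)


def version_tuple(v: str) -> tuple:
    m = SEMVER.match(v)
    if not m:
        raise ValueError(f"not a plain semver version: {v!r}")
    return tuple(int(x) for x in m.groups())


def classify(bump: Bump) -> str:
    """Semver distance decides how much scrutiny the bump gets before it is recommended."""
    cur, tgt = version_tuple(bump.current), version_tuple(bump.target)
    if tgt <= cur:
        raise ValueError(f"{bump.package}: {bump.target} is not an upgrade over {bump.current}")
    if tgt[0] != cur[0]:
        return "major"
    if tgt[1] != cur[1]:
        return "minor"
    return "patch"


def bump_manifest(text: str, bump: Bump) -> str:
    """Rewrite exactly one `name==current` pin in a requirements-style manifest (constructed format)."""
    pin = re.compile(rf"^{re.escape(bump.package)}=={re.escape(bump.current)}$", re.M)
    new_text, count = pin.subn(f"{bump.package}=={bump.target}", text)
    if count != 1:
        raise ValueError(f"expected one pin for {bump.package}=={bump.current}, found {count}")
    return new_text


def run_in_sandbox(manifest: str, bump: Bump, test_cmd: list, timeout: int = 60):
    """Apply the bump in an isolated working directory and run the tests there, capturing the log.
    Returns (exit_code, log_lines); exit_code is None when the run timed out."""
    with tempfile.TemporaryDirectory() as workdir:
        Path(workdir, "requirements.txt").write_text(bump_manifest(manifest, bump))
        try:
            proc = subprocess.run(test_cmd, cwd=workdir, capture_output=True, text=True, timeout=timeout)
        except subprocess.TimeoutExpired:
            return None, [f"test command exceeded {timeout}s; treating as failure"]
        return proc.returncode, (proc.stdout + proc.stderr).splitlines()


def evaluate(manifest: str, bump: Bump, test_cmd: list, fixes_advisory: bool = False) -> Verdict:
    """Only a green sandbox run can yield a recommendation; a red one surfaces the log tail instead."""
    risk = classify(bump)
    exit_code, log = run_in_sandbox(manifest, bump, test_cmd)
    tail = log[-5:]
    if exit_code != 0:
        return Verdict(False, risk, f"tests failed (exit {exit_code}) with {bump.package}=={bump.target}", tail)
    if risk == "major" and not fixes_advisory:
        return Verdict(False, risk, "major bump is green but has no advisory behind it; route to a human", tail)
    return Verdict(True, risk, f"{risk} bump of {bump.package} to {bump.target} is green", tail)


# Constructed sample project: two pinned packages and a stand-in "CI" that reads the
# manifest and fails on the one version this project is (by construction) known to break on.
MANIFEST = "acme-http==1.4.2\nacme-json==0.9.0\n"
FAKE_CI = [sys.executable, "-c",
           "import sys\n"
           "text = open('requirements.txt').read()\n"
           "bad = 'acme-http==2.0.0' in text\n"
           "print('FAIL: ClientTimeout signature changed' if bad else 'ok: 12 passed')\n"
           "sys.exit(1 if bad else 0)"]

if __name__ == "__main__":
    for bump, has_fix in [(Bump("acme-http", "1.4.2", "1.4.3"), False),
                          (Bump("acme-http", "1.4.2", "2.0.0"), True),
                          (Bump("acme-json", "0.9.0", "1.0.0"), False)]:
        v = evaluate(MANIFEST, bump, FAKE_CI, fixes_advisory=has_fix)
        print(f"{bump.package} {bump.current}->{bump.target}: recommend={v.recommend} ({v.risk}) {v.reason}")
        for line in v.log_tail:
            print("   |", line)
```

The three constructed cases cover the decisions a practitioner cares about: a patch bump that passes is recommended; a major bump that would fix an advisory but breaks the tests is still held back, with the failing log lines attached for the reviewer; and a major bump that passes but has no advisory behind it is routed to a human rather than auto-recommended. In a real agent the test command would be the project's own CI and the sandbox an isolated container, but the gate logic is the same.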
Impact
fossabot carried FOSSA from its license-compliance roots into agentic AI — a new product line taken from idea to public beta, adopted by enterprise design partners, and shaped into a multi-agent roadmap (detection → prioritization → autonomous remediation → advisory) presented to company and board leadership. The throughline: give engineers enough confidence in automated updates that they stop doing the work by hand.