Executive summary

When Mike Garon joined Cobalt as an engineering leader, he inherited the technology and culture of a 13-year-old company. Engineering priorities were largely driven by sales requirements, making longer-term and big-picture improvements harder to implement.

Flux, a code-first engineering intelligence platform, gave Garon estate‑wide visibility, automatically classified work, and proved that leaning into AI and experimentation was changing what the team actually shipped. Flux’s work‑type charts showed a sharp increase in feature work, which Garon used to energize engineers, brief executives and the board, and help Finance pursue increased eligibility for R&D tax credits. For Cobalt, Flux made the impact of AI adoption and cultural change visible, surfacing measurable gains in feature delivery and financial outcomes.

Customer overview

Cobalt is the pioneer in penetration testing as a service (PTaaS) and a leader in human‑led, AI‑powered offensive security services. The Cobalt Offensive Security Platform combines 500+ trusted security experts with SaaS workflows so thousands of customers can find and fix vulnerabilities faster. In a high‑stakes, security‑critical environment like this, the Cobalt engineering organization needs a precise view of which parts of the platform are changing and why, whether that’s due to incidents, features, or experiments, so they can understand changes quickly while also shipping new capabilities.

The challenge: black‑box engineering in an AI era

Joining in 2025, Garon described Cobalt as the most exciting product opportunity of his career, accompanied by one of the largest and most complex codebases he had seen. He arrived with a clear mandate to energize engineering, modernize the stack, and lean hard into AI.

He found a surprising number of repositories in the Cobalt GitHub organization, corresponding to the large number of microservices implementing complex logic in the back end. Many of the services could be consolidated, and some repos were only receiving automated dependency bumps. Teams knew parts of the system needed attention but felt there was never time to fix them.

Key challenges included:

• An enormous codebase spread across hundreds of repositories, leading to accumulated technical debt.
• No estate‑wide, code‑level visibility into what work was actually being done.
• Little capacity to address known issues or simplify systems, leaving long‑standing problems unsolved.


At the same time, AI-assisted development experiments were increasing the speed and complexity of code changes. Traditional engineering intelligence tools built on tickets, such as Jira‑based dashboards or DORA reports, could only show intent and status, not how the Cobalt codebase was actually changing. Engineering was turning into a black box just as Garon was seeking to prove to executives and the board that AI and cultural bets were producing more impactful work.

The solution: code‑first visibility across the estate

Cobalt began working with Flux in the early fall of 2025. Flux connected to the company’s GitHub organization, backfilled several years of historical data, and built a baseline grounded in actual commits and pull requests rather than reported activity. It automatically categorized pull requests as maintenance, bugfix, or feature work and gave Garon a comprehensive view of what was happening across all major repositories.

Because Flux derives its insights directly from the code across the entire estate, it gave Garon system‑wide visibility that ticket‑centric dashboards simply could not provide. Flux answered a critical question for him: “What is my team doing, and what does that work mean?”

As the year progressed and AI‑assisted development ramped up, Flux became the backbone of the story Garon told executives and his team about how Cobalt’s engineering work was changing. By year end, the development teams were heavily leveraging AI to drive development, and Flux showed that the mix of work had shifted decisively toward new features, turning AI and culture bets into measurable output.

In parallel, Garon and his teammates used activity data from GitHub and operational metrics in DataDog to refactor the microservices back end into a more manageable set of service and repos. Flux highlighted where meaningful work was still happening and how consolidation affected focus. By November, Flux produced an estate‑wide work‑categorization chart that clearly showed less trivial maintenance and bugfixes and much more real feature development, turning a year of intuition about cultural change into a single, undeniable visual.

That chart became the centerpiece of his Q4 report to the executive team and a key slide at an engineering offsite, where he showed the team how much they had changed their own work. As those materials circulated, Finance noticed the spike in feature work and reached out to explore how the pattern could support an increase in R&D tax credits, using Flux’s work‑type data instead of estimated percentages.

In 2026, Garon’s focus shifted from proving the team could change to delivering new features and customer value in a short time. He now plans to use Flux’s prompt‑based PR evaluation and upcoming scoring signals to move from backward‑looking reports to forward‑looking signals that show whether today’s work is the right foundation for tomorrow’s goals.

Results and impact: from intuition to evidence

Flux helped Cobalt cut its active repository footprint in half, reduce the surface area of technical debt, and document a clear shift from maintenance toward feature work across the codebase. As AI‑assisted development became normal practice, Flux also showed how that shift changed the nature of what shipped, not just how much shipped.

Cobalt’s transformation showed up in several ways:

• Engineers moved from feeling they never had time to fix things to excitedly sharing experiments that increasingly turned into real features, with the Flux chart giving them a concrete reflection of that progress.
• Flux’s work‑by‑type percentages let engineering leadership replace rough estimates of how much work counted as features with code‑derived ratios that Finance trusted, making it easier to support R&D tax credits.

  

There is so much enthusiasm now. We’ve brought playfulness back into building software, and it’s paying off. Engineers are exploring ideas freely, then turning the best ones into production-ready capabilities that move the needle for customers.
– Mike Garon, Vice President of Engineering

Looking ahead, Garon stated, “Last year was about proving impact to the team. Flux produced the single most compelling chart of that change. This year, I don’t need to prove what we can do; we have to do it. And I need Flux to tell me if we’re achieving our goals before we miss them.”

For engineering leaders rolling out AI‑assisted development, Cobalt’s experience shows that relying on ticket data alone leaves you in the dark about what your code is actually doing; code‑level visibility turns those AI experiments into something you can manage, defend, and accelerate.