Multinational banking giant Barclays 'supercharges' innovation with GitLab

Barclays is renowned as one of the “Big Four” financial institutions in the United Kingdom, playing a critical role in the country’s retail and commercial banking markets. With a total income of £29.1 billion in 2025, the organization has operations that go beyond traditional retail banking. It offers a comprehensive suite of financial services, including wealth management, corporate banking, investment banking, and payments services. Barclays also is known for making a ground-breaking move: It introduced the first ATM in 1967, changing the way people interact with their money and setting the stage for many of the self-service and digital banking practices people around the world take for granted today.

The same kind of innovative spirit that led Barclays to launch the world’s first ATM, inspired it decades later to create a digital transformation that includes changing the way its developers build and deploy software. It wanted a move that would accelerate its ability to create products that better serve its millions of customers around the world, make it easier to remain compliant and secure, and deeply improve the developer experience for their 24,000 DevSecOps team members who support more than 1,200 applications.

They also needed to address some specific challenges, like:

• Rectifying a lack of mandated and standardized controls that had reduced speed, collaboration, and efficiency

• Streamlining a fragmented development ecosystem that had become complex

• Creating a system in which documentation is more consistent and aligned

• Improving an onboarding process

• Changing the perception that banks’ technology is behind the curve

To do all of this, Barclays looked to GitLab, adopting its end-to-end platform in 2023. “We wanted a world-class platform to help improve our developer experience, and enable us to deliver better products faster, while enhancing security and compliance,” says Chris Hutchison, Enterprise Toolchain Director at Barclays. “We opted for GitLab because we trusted it would give us the strong foundation we needed.”

As a leading global financial institution handling millions of customer transactions every day, Barclays maintains the highest security standards throughout its software development lifecycle. Hutchison found it encouraging that despite its tools and procedures still being a work in progress, common for firms their size, Barclays had already made significant advances in making security efforts more simple and efficient.

“It’s so much easier for people to do what they need to do to secure our software.” he says, “We’re catching vulnerabilities earlier in the software development lifecycle (SDLC) and it’s easier to take care of them. Our whole process has improved and as we continue to use even more features in the GitLab platform, I just see it getting better.”

While the bank is planning on using GitLab’s automated scanning tools in the future, it already uses the platform’s automation capabilities to mandate and standardize security and release controls across teams, taking the manual effort out of tasks such as commit checks, merge request enforcement, and credential management. The results of those scans now appear in one place within GitLab, giving teams clearer visibility into security posture without having to navigate multiple tools.

“We wanted all the security and pipeline mandates baked into the platform” says Hutchison. “Having the scan results appear in GitLab, rather than in various tools means you don’t have to go looking for the results. Now it’s easier to make decisions because we have an easily accessible and holistic picture of the entire organization's composition. We can find vulnerabilities more quickly, and we can also find out how many teams or projects would be hit by that vulnerability.”

He notes that they plan to use even more mandated controls to further enforce security policies, and make even more of their automated work preventative.

“By continually shifting security left and getting rid of silos between our developers and our security teams, we are finding and fixing vulnerabilities before they’re built into solutions and before a product is released,” says Hutchison. “This is reducing our overhead for building development pipelines, and it's naturally increasing our release frequency, while dramatically lowering deployment barriers.”

In December 2024, Barclays launched GitLab Duo with 6,000 licenses. Within a year, adoption had grown to 23,000 team members consistently using the AI-native capabilities built directly into the platform.

“It’s about increasing their productivity and giving them more time to be creative.” says Hutchison. “It’s supercharged the whole development experience because GitLab Duo augments their capabilities, handling routine tasks so they can focus on higher-level problem solving and architecture. People are really engaged with it.”

Hutchison says there was some initial skepticism about using artificial intelligence in a financial institution. Hutchison, actually, was one of those skeptics, noting that being in a highly regulated and trust-dependent environment makes normal concerns about data privacy and security around AI even more acute.

However, he says he quickly came to realize that not using AI put the organization at more risk — risk of falling behind. “AI is not a threat,” Hutchison says. “Rather, it’s a true enhancement to our ability to have a higher impact on the business because it enables us to deliver higher quality code.”

And his relationship with the team at GitLab gave him the confidence he needed to be comfortable using GitLab Duo.

“The breakthrough for me was really about the explicit legal commitment we have with GitLab, in the sense that GitLab does not retain any of our data or code, and it is not used for model training. Our partnership with GitLab gives us the surety that we are doing this safely.”

Barclays uses GitLab Duo Chat as a conversational AI assistant, to help with code generation, code explanations, and test generation, as well as code refactoring and fixes — all working alongside its developers as they code. But usage goes beyond development assistance.

Hutchison says one of the features of GitLab Duo that has made a big difference to him personally has been Root Cause Analysis, a troubleshooting feature used to analyze failed job logs to determine the source of a problem and suggest a fix.

“It’s part of GitLab’s strategy of putting AI in all aspects of the SDLC,” he explains. “It was about 7 p.m. one night when I got a ping from someone in another country, who said their pipeline wasn’t working and they couldn’t figure it out. They wanted me to debug it. I just pressed Duo’s Troubleshooting button, and I immediately got an explanation of what was going wrong. The problem was resolved in seconds. I then taught that other person how to do it themselves. It made me look like a hero.”

Any skepticism or doubt about using AI-native tools has been “blown out of the water” across teams, according to Hutchison, who also notes that it helps younger developers work more confidently and productively. More experienced coders are also using GitLab Duo to eliminate mundane tasks, double-check their work, and accelerate their productivity.

Looking ahead, Hutchison is focused on agentic AI, autonomous capabilities that go beyond single prompts to continuously monitor, plan, and execute across the entire development lifecycle. For a bank operating at Barclays' scale, the possibilities are significant.

For that, Hutchison is looking to the capabilities within GitLab Duo, which enables AI agents on the GitLab platform to constantly monitor projects, so teams can anticipate potential production issues, proactively identify and resolve vulnerabilities, and optimize applications for peak performance. “I think having agentic AI that has the ability to offer context-aware assistance, and autonomously plan, execute, and adapt to achieve a goal is going to be a profound change to the way we work,” he adds. “I think the thing we're most excited about is moving away from discrete AI interactions to a more comprehensive activity. That could be fundamentally transformative to our bank.”

By strengthening its core DevSecOps platform with GitLab - reducing unnecessary context switching, standardizing controls, easing troubleshooting, and accelerating development - Barclays continues to make great strides in improving the overall developer experience.

"These kinds of benefits end up being cumulative and really make a difference to all of our team members," says Hutchison, who notes the organization now is seen as a DevSecOps thought leader.

By providing a more consistent development platform and clearer standards, new hires can be up and running productively by their first day, and often get their first commit within their first week.

"The user experience has taken a quantum leap forward," he says. "Before, it could be a challenging world to work in with all the context shifting, data getting distorted between tools, and manual work loads. Now it's just easier and more joyful. Since there are fewer frustrations, people are happier, and that, ultimately, has a big business impact."

From developer experience to security to AI, the transformation has been so evident that Hutchison was inspired to message GitLab directly: "Having worked with GitLab for less than two years, I could say it has been one of the highlights of my career. It's enabling us to modernize how we build and secure software, while giving our engineers a better experience – and that’s fundamental to delivering for our customers and clients."