Jul 8, 2026 in ai-coding - Security firm Noma disclosed GitLost, a prompt-injection flaw in GitHub Agentic Workflows. A crafted public issue made the AI agent leak private repository data. How the attack worked and what it teaches about agent security.
Jul 8, 2026 in ai-coding - China's cyber authority flagged a 'backdoor' in Anthropic's Claude Code, and Alibaba banned it. Anthropic calls it an anti-abuse experiment. The facts, both sides, the affected versions, and the practical fix.
Jul 8, 2026 in ai-coding - A KAIST study found AI agents can use up to 136.5x more electricity than a standard chatbot per query. Here is what the number really means - it is a peak, not an average - and why the real problem is idle GPUs.
Jul 6, 2026 in ai-coding - Databricks open-sourced Omnigent, a meta-harness that orchestrates AI coding agents like Claude Code, Codex and Cursor. What a meta-harness is, its three capabilities, and where it fits for developers.
Jul 6, 2026 in ai-coding - Researchers showed that malicious AI agent skills can hide from static scanners using a technique called SkillCloak, and real malicious skills have appeared on agent marketplaces. What skills are, how the evasion works, and how to stay safe.
Jul 5, 2026 in ai-coding - Sysdig documented JadePuffer, which it calls the first agentic ransomware - an AI agent that ran an entire extortion attack on its own, from break-in to encryption. What it did, why 'agentic' matters, and how to defend.
Jul 4, 2026 in ai-coding - Mistral released Leanstral 1.5, a free Apache-2.0 model for Lean 4 that formally proves math and code correct. What formal verification is, the benchmark numbers Mistral claims, and where the model actually fits for developers.
Jul 4, 2026 in ai-coding - A leaked video revealed Project Aion, an internal Microsoft prototype where Copilot replaces the Windows shell (no Start menu, taskbar or desktop). It runs on a web-based codebase called Win3 inside Edge. The video is reportedly about two years old, so the project is very likely abandoned, and Microsoft has not commented.
Jul 3, 2026 in ai-coding - Cato AI Labs disclosed two critical Cursor flaws nicknamed DuneSlide (CVE-2026-50548 and CVE-2026-50549, CVSS 9.8). They allow zero-click remote code execution via indirect prompt injection. Here is how they work and why they are already fixed in Cursor 3.0.
Jul 3, 2026 in ai-coding - Anthropic has brought Claude Fable 5 back with new cybersecurity safeguards and shared a jailbreak severity framework. Here is what came back, the safety classifiers, the four severity criteria, and what Anthropic has promised.