Blog

Deep dives on AI code quality, security audits, and what actually happens when you ship AI-built apps to production.

The 72 Hours That Forced CISA's Hand — 7 AI Agent Exploits HN Completely Missed

Between June 30 and July 2, 2026, seven major AI agent vulnerabilities were disclosed or exploited. Cursor had a zero-click RCE. Ten of eleven open-source coding agents were vulnerable to shell injection. AI agents were hallucinating 250,000 domains that adversaries could register. HN didn't notice any of it. Four days later, CISA put the first AI agent platform on KEV.

·
ai-securityagent-securitycursor

Academia Just Built the Scientific Foundation for AI Agent Audits — and Found 238 Security Risks in 5,399 Real Agents

Two papers published in the last three weeks define the first static analysis framework for AI agent programs and a risk-scoping BOM standard. They found 238 taint-style prompt-to-tool risks across 5,399 real-world agents — and their evaluation required a manual audit set because automated tools can't make trust judgments. The audit market now has academic backing.

·
ai-securityagent-securityacademic-research

Agentjacking: A Single Public Sentry Key Is All It Takes to Hijack Claude Code, Cursor, and Codex. Datadog, PagerDuty, and Jira Have the Same Exposure.

Tenet Security researchers discovered a novel attack class where fake error reports injected through a public Sentry DSN cause AI coding agents to execute attacker-controlled code on developer machines. 85% success rate across Claude Code, Cursor, and Codex. 2,388 organizations confirmed exposed. And the same blind spot exists in every MCP-connected data source your developers trust.

·
ai-securityagent-securityagentjacking

The 48 Hours That Broke AI Agent Security

Friendly Fire and GhostApproval: two exploits published within 48 hours prove that AI coding agents can't secure themselves — and the government is mandating them anyway.

·
ai-securityvibe-codingagent-security

Get notified about new posts

No spam. Just deep dives on AI code quality and security. Drop your email or follow along.

Get in touch →