SecurityWeek

Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

Decades-old Bash shell tricks can bypass safeguards in most open source AI coding agents, creating a new software supply ...
SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.

The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...
GitHub

SWARM: System-Wide Assessment of Risk in Multi-agent systems

AGI-level risks don't require AGI-level agents. SWARM is a research framework for measuring emergent failures that only appear when many AI agents interact — even when individual agents are safe.
InfoQ

How AI with Prompt Engineering Supports Software Testing

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

This repository contains CloudFront Bypasses. Contributions are welcomed

Based on recent and historical shares on X (formerly Twitter), here are the most notable, high-quality ("world-class") blog posts and detailed write-ups on bypassing Amazon CloudFront's Web ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...