securityai-agentsdevsecops +3
Configuration-Based Sandbox Escape: Why Your AI Coding Agent Trusts a Settings File It Should Not
A malicious repo can flip Claude Code's security settings without any prompt injection - just by being cloned. Here is how CBSE works and the org-level hardening recipe.
securitykubernetesgitops +2
Your Argo CD Diff View Is a Secret-Exfiltration Surface: Hardening GitOps After CVE-2026-42880
CVE-2026-42880 exposes plaintext Kubernetes Secrets to any Argo CD user via the diff view. Patch floor, RBAC hardening playbook, and secrets architecture.
Your Model Registry Is an RCE Vector: Pickle Deserialization in MLOps
Pickle deserialization in MLOps turns model files and inference RPC sockets into RCE vectors. Learn how to harden your model registry and serving pipeline.
securitydevsecopssupply-chain +4
Your AI Coding Assistant Plugin Is the New Supply Chain Attack Surface: Securing IDE Marketplaces for Dev Teams
Malicious JetBrains plugins stole AI API keys from 70K devs. Platform defense: IDE allowlists, LLM gateway brokering, egress detection, key rotation.
securitydevsecopsai-agents +3
Vibe Coding's Security Debt: The AI-Generated CVE Surge
74 confirmed CVEs traced to AI-generated code. 45% OWASP failure rate. Learn how to build the CI/CD security pipeline your AI coding tools require.
ai-agentsplatform-engineeringdeveloper-tools +2
From Vibe Coding to Spec-First: How Agentic IDEs Are Redefining Engineering Process
Engineering leads explain how Kiro, Cursor Plan Mode, and Claude Code implement spec-first development — and how to enforce compliance at org scale with CI gates and EARS linting.
securityai-agentskubernetes +2
Stop Giving AI Agents Real Credentials: Egress Gateways and Credential Vaulting on Kubernetes
AI agent egress gateways remove real secrets from the agent's reach. Category analysis vs NetworkPolicy, Cilium, LLM gateways, and sandboxes.
securitykuberneteshttp2 +3
HTTP/2 Is Your Kubernetes Ingress's Weakest Link: From Compression Bombs to Rapid Reset
CVE-2026-49975 exhausts 32 GB of server memory in seconds. ingress-nginx won't be patched. Per-controller hardening guide for Envoy, NGINX, and HAProxy.
securityaivulnerability-management +2
The AI Vulnerability Arms Race: When Models Find Zero-Days Before Humans Do
How AI vulnerability discovery changed security in May 2026: the first criminal zero-day, OpenAI Daybreak, Anthropic Glasswing, and what to do now.
TrustFall: How MCP Config Poisoning Enables One-Click RCE in AI Coding Agents
TrustFall exploits MCP config poisoning to enable one-click RCE in Claude Code, Gemini CLI, Cursor, and Copilot CLI. Enterprise defenses here.