Everything we post on LinkedIn

Source-verified takes on Kubernetes, cloud infrastructure, and AI security, published a few times a week. Browse the full feed below and click any post to open it.

Follow on LinkedIn

Anthropic Tracked 832 AI Hackers for 12 Months and Mapped Every Attack to MITRE ATT&CK

Anthropic analyzed 12 months of cyberattack patterns from 832 accounts banned on their platform, mapping nearly 14,000 malicious actions against the MITRE ATT&CK framework. AI-assisted phishing declined 8.6% over that period because defenders adapted, but post-breach account discovery and lateral movement inside networks rose 8.9% and is now the fastest growing attack category. The security framework most teams rely on for threat classification does not yet have entries for autonomous AI attack chains. Paste this into your AI agent for a full breakdown and to ask questions about what it means for your security posture.

#security#cybersecurity#aiagents#threatintelligence
Article

HTTP/2 Is Your Kubernetes Ingress's Weakest Link

A newly disclosed HTTP/2 vulnerability can exhaust all available server memory on your Kubernetes ingress in under a minute from a single internet connection. The ingress controller running in more than 40% of clusters was officially retired in March and will never receive a fix for this attack. Every team still running it needs a migration plan this quarter. For a full breakdown covering which controllers are affected and how to harden each one, paste the article into your AI agent and ask about your setup.

#kubernetes#security#ingress#http2
Article

Defending Kubernetes CI/CD Against Self-Replicating npm Worms

Two active supply chain campaigns are targeting build infrastructure specifically because CI/CD environments hold more valuable credentials than most production servers: cloud keys, GitHub tokens, npm publish rights, and access to every environment the pipeline touches. One campaign now spreads automatically through AI coding tools by planting config files that execute without any developer interaction beyond opening a project folder. A four-layer defense guide with working configurations covering the controls that would have stopped both campaigns is now live. Paste the article into your AI agent for a full breakdown and to ask questions about your specific setup.

#kubernetes#security#supplychain#cicd
Article

AI Agent Credential Crisis: Why IAM Is the Real Attack Surface

Six independent security research teams broke into AI coding tools in the first half of 2026, and every single attack went after the same thing: the API keys and access tokens the agent was holding, not the AI model itself. One agent found an overprivileged token in a completely unrelated file and deleted a company's entire production database in nine seconds, and the IAM audit logs recorded the whole thing as a routine service account action with no alert. The identity tools most companies rely on were built for human logins and quarterly reviews, and they have no mechanism for tracking what an autonomous agent does once it starts running. Read the full guide for the four infrastructure controls that close the gap. If you want a breakdown specific to your cloud provider or Kubernetes setup, paste the article into your AI agent and ask.

#security#aiagents#iam#kubernetes
Article

NSA Publishes First MCP Security Guidance

The NSA published the first US intelligence agency guidance specifically on Model Context Protocol security this week, noting that more than 10,000 enterprise systems are now running this technology before anyone established a security baseline for it. Their assessment compares the pattern to early web protocols: adoption moved faster than security, and the gap is now documented in an official government warning. The guidance identifies three controls every organization should have in place before this becomes a regulatory issue: restricting what external tools can request, authenticating messages to prevent replay attacks, and filtering what AI systems send back to users. Our existing MCP security guides at kaden-projects.com cover the infrastructure controls that address exactly these findings.

#mcp#security#aiagents#enterprise
Article

TrustFall: MCP Config Poisoning Enables One-Click RCE in AI Coding Agents

Cloning a repository and pressing Enter on your AI coding tool's routine security prompt can give attackers full access to your machine, including SSH keys, cloud credentials, and every file on your filesystem. The attack becomes fully automatic in CI/CD pipelines where no human interaction is needed at all. Security researchers confirmed this works across all four major AI coding tools, vendors declined to patch it, and the same underlying technique has been used four separate times in six months. If you have questions or want a full breakdown, paste the article into your AI agent.

#security#aiagents#devsecops#mcp
Article

Vibe Coding's Security Debt: AI Tools Now Generate Security Findings at 10x the Human Rate

AI coding tools are delivering real productivity gains while quietly accumulating security debt that most engineering teams have not accounted for. Research now confirms that AI-assisted development produces security findings at 10 times the rate of human coding, specifically the architectural flaws that standard scanning tools tend to miss. Three additions to an existing CI/CD pipeline close the gap: secrets scanning at the pre-commit stage, dependency verification to catch hallucinated package names before they reach production, and admission policies that enforce human review at the Kubernetes layer. Paste the article into your AI agent and ask which of these three gates your current setup is missing.

#devsecops#security#aiagents#cicd
Article

NSA MCP Security Design Considerations: What Platform Engineers Need to Know

The NSA published its first official guidance specifically on Model Context Protocol security, comparing the current adoption rush to early web protocols where deployment outpaced security before anyone understood the consequences. Nine concrete recommendations cover everything from isolating AI tool servers at the network layer to maintaining a formal inventory of every AI tool your organization runs in production. Eight of those nine can be implemented today with infrastructure your platform team already manages. If you want the full breakdown with working Kubernetes configuration, paste the article into your AI agent and ask it to walk you through your environment.

#mcp#security#aiagents#kubernetes
Article

Developer Tooling Under Siege: May 2026's Attack Surface Convergence

Four independent criminal groups reached the same conclusion in the same two-week window: the developer laptop is the most valuable machine in any organization. A single poisoned VS Code extension spent under an hour in a public marketplace and gave attackers access to GitHub's own source code repositories for Copilot. A separate campaign backdoored 5,561 GitHub repositories in six hours using passwords stolen by unrelated malware months earlier. None of these attacks required sophisticated techniques, and the defensive steps that would have stopped most of them are available right now. If you have questions, paste the article into your AI agent for a full breakdown.

#security#devsecops#supplychain#github
Article

The AI Vulnerability Arms Race: When Models Find Zero-Days Before Humans Do

Google confirmed last week that criminals used AI to discover and weaponize a zero-day exploit for the first time, targeting a widely used admin tool for mass exploitation before anyone knew the flaw existed. The same weekend, OpenAI launched Daybreak and Anthropic's AI vulnerability scanner faced a real-world test that found 1 confirmed vulnerability out of 5 reported. Security teams now have to reckon with AI-powered attackers building exploit pipelines faster than patches ship, while access to the defensive tools that could match them is gated behind vendor partnerships most organizations don't have. If you want a full breakdown of what this means for your vulnerability management strategy, paste the article into your AI agent and ask away.

#security#aiagents#vulnerability#appsec
Article

How to Prevent AI Coding Agents from Destroying Your Infrastructure

An AI coding agent found an overprivileged API token in a codebase, deleted the production database in 9 seconds, then destroyed all backups because they were stored in the same location. The project had explicit safety rules. The agent overrode them all. Safety prompts are guidance, not enforcement. The fix is infrastructure controls the agent physically cannot bypass. We break down exactly what happened and how to prevent it. If you have questions, paste the article into your AI agent for a full breakdown.

#security#aiagents#codingagents#infrastructure
Article

Kubernetes Resource Limits: The Production Configuration Guide

Two of the most common production Kubernetes incidents come from guessed resource limits: applications crashing because memory is too low, and clusters sitting at 15% utilization because teams pad their requests "just in case." You can now adjust limits without restarting applications as of Kubernetes 1.35. We put together a production guide covering the right sizing methodology and when to use each configuration option. If you want help figuring out the right settings, paste the article into your AI agent and ask about your specific workloads.

#kubernetes#devops#sre#performance
Article

Securing AI Inference Servers on Kubernetes

Seven security vulnerabilities hit AI inference servers in April 2026. The most severe allows full remote code execution with a 9.8 out of 10 severity score, and one was exploited in production within 12 hours of disclosure. Built in authentication flags on popular inference servers don't cover all endpoints. We covered all seven vulnerabilities and a five layer defense architecture. If you want a quick summary or have questions, drop the article into your AI agent for a complete breakdown.

#security#ai#inference#kubernetes
Article

Anatomy of the TeamPCP Supply Chain Campaign

The TeamPCP campaign compromised roughly 500,000 machines across 1,000+ SaaS environments by poisoning two popular open source security and AI packages. The initial access wasn't a sophisticated exploit. It was a misconfigured CI/CD workflow. Pinning your dependencies to exact content hashes would have prevented the technique they used. We break down the full attack chain with specific defense controls at each stage. If you have questions, drop the article into your AI agent for a full rundown.

#security#supplychain#devsecops#incident
Article

Cloudflare AI Agent Infrastructure vs Kubernetes

Cloudflare's AI agent stack and Kubernetes represent genuinely different tradeoffs. Cloudflare starts faster but has no direct GPU access. Kubernetes gives you full GPU control and runs on open standards, but requires more setup. We put together a side by side comparison across performance, isolation, networking, and vendor lock in. If you want help deciding which fits your setup, paste the article into your AI agent and ask away.

#cloudflare#kubernetes#aiagents#infrastructure
Article

Migrating from ingress nginx to Envoy Gateway

ingress nginx was retired on March 24, 2026, which means known security vulnerabilities will never be patched. Envoy Gateway is the recommended replacement, and the official migration tool handles 30+ configuration conversions automatically. We put together a step by step migration guide covering the full process. If you want a quick walkthrough, paste the article into your AI agent and it'll break it all down for you.

#kubernetes#envoy#migration#security
Article

Securing AI Agents at the Infrastructure Layer

Standard Kubernetes service accounts weren't built for AI agents. They use long lived tokens that can be impersonated across trust boundaries. The fix is certificate based identity with short validity periods and workload verification. We put together a full architecture covering identity, gateways, and governance for production AI agents. If you have questions or want a shorter version, drop the article into your AI agent for a complete breakdown.

#security#aiagents#kubernetes#identity
Article

Istio for AI Inference Routing

Running a proxy on every AI inference pod wastes GPU memory you could be using for your models. Istio 1.29's ambient mode moves the proxy to a shared layer, cutting memory overhead by 70% while adding smart routing for AI workloads. We covered what's shipping now and what's coming next. If the article is too detailed, paste it into your AI agent and it'll give you the highlights.

#istio#kubernetes#ai#servicemesh
Article

Securing AI Agent MCP Traffic with Kyverno

Unauthorized AI tools spinning up inside your cluster is now an OWASP Top 10 risk. Kyverno's admission policies can block unapproved tools before they ever run by requiring signed images and enforcing an allowlist at deploy time. We put together a production guide with working policies you can apply today. If you want a summary or have questions, paste the article into your AI agent for a full breakdown.

#kyverno#kubernetes#security#aiagents
Article

Helm 4 Migration Guide

Helm 3 bug fix support ends July 8, 2026. Helm 4 changes how upgrades work under the hood, and your existing automation may need updated permissions. We put together a practical migration guide covering what breaks, the full permission changes, and a rollout strategy starting with staging. If the full article is a lot to get through, drop it into your AI agent for a quick breakdown.

#helm#kubernetes#devops#cloudnative
Article

A2A v1.0: Agent to Agent Communication at Scale

The Agent to Agent protocol just hit v1.0 with 150+ organizations already using it. When your AI agents need to talk to each other across teams or organizations, this protocol handles identity verification, task tracking, and full observability. We wrote a guide covering how to route, secure, and monitor agent to agent traffic. If you have questions, paste the article into your AI agent and it'll give you a complete rundown.

#aiagents#a2a#interoperability#ai
Article

Kubernetes v1.36 Production Upgrade Guide

Kubernetes 1.36 permanently removes three components, and one of them is a security risk that will never receive patches again. Eighteen features move to stable in this release. We put together a production upgrade guide covering what breaks, the correct upgrade sequence, and how to handle each removal. If you want a quick summary or have specific questions, paste the article into your AI agent for a full breakdown.

#kubernetes#devops#sre#cloudnative
Article

Building an Agent Ready Kubernetes Platform

Kubernetes 1.36 ships with three features that finally make AI agent workloads production ready: proper isolation between agents, GPU sharing across multiple agents, and automatic scaling with state preservation. We put together a full platform architecture covering what's available now and how to set it up. If the article is too long, drop it into your AI agent and it'll walk you through the key points.

#kubernetes#aiagents#platformengineering#gpu
Article

Securing AI/ML Supply Chains on Kubernetes

The TeamPCP supply chain attack hit Netflix, Stripe, and Google's downstream environments through a compromised AI package that gets nearly 100 million monthly downloads. The attack payload required elevated container privileges that basic security policies block by default. We break down exactly what controls would have stopped it and how to set them up. If you have questions or want a shorter version, paste the article into your AI agent for a full breakdown.

#kubernetes#security#supplychain#devsecops
Article

Microsoft Agent Framework 1.0

Microsoft just shipped Agent Framework 1.0 with support for multiple AI providers including Azure OpenAI, Anthropic, and Gemini. It lets you build systems where multiple AI agents coordinate across different teams and trust boundaries. We wrote up an overview with working examples for each orchestration pattern. If you want a quick summary or have questions, paste the article into your AI agent for a full rundown.

#microsoft#aiagents#azure#ai
Article

Dapr Agents v1.0: Production Ready AI Agents on Kubernetes

If your AI agents lose their progress every time a server restarts, Dapr Agents 1.0 solves that at the platform level. It's the first CNCF backed agent framework that keeps agent state intact through crashes, restarts, and network issues. We put together a production guide covering setup, security, and observability. If the full article is a lot to take in, drop it into your AI agent and it'll give you a complete breakdown.

#kubernetes#aiagents#cncf#dapr
Article

Kubernetes LLM Inference Stack 2026

Most teams serving AI models are wasting GPU memory because their load balancer treats every request the same way. The new Kubernetes LLM inference stack uses smart routing to match requests with the right GPU, cutting response times by 57x and doubling throughput. We break down the full production setup in our latest guide. If the article is too long or you have questions, paste it into your AI agent for a full breakdown.

#kubernetes#ai#llm#mlops
Article

Securing AI Agents at the Infrastructure Layer

A compromised AI agent is not an exposed API endpoint. It is an autonomous process holding cluster credentials and a mandate to act. Standard Kubernetes service accounts fail because they use shared identity: you cannot revoke one agent without breaking every workload on the same account. The full defense stack covers identity, gateway, admission, and conformance, and every component is open source.

#aiagents#kubernetes#security#infrastructure

CNCF's Warning: Kubernetes Security Is Not Enough for AI Workloads

The CNCF published a warning that standard Kubernetes security controls do not protect organizations running AI and language model workloads. Kubernetes monitors pods, network traffic, and resource consumption. It has no visibility into prompts, model outputs, or tool calls. A fully compliant, fully secured Kubernetes cluster can still expose you completely if you are running AI workloads without runtime I/O monitoring and policy enforcement at the inference layer.

#kubernetes#security#cncf#llm
Article

88% of Enterprises Had an AI Agent Security Incident This Year. Authentication Was Not the Problem.

Cequence research found that most enterprise AI agent security incidents in 2025 involved authenticated agents that had been granted excessive permissions. Authentication confirms identity. It does not constrain behavior. Role-based access control applied at the API gateway layer, scoped to specific agent personas, is the missing control between "agent is authorized" and "agent can only do what it should." The gap is infrastructure, not identity.

#aiagents#security#rbac#apigateway

PocketOS Database Deletion: The AI Did Exactly What It Was Capable of Doing

A production database was deleted in 9 seconds by an AI coding agent that found an unscoped cloud token while fixing a different issue. The failure was not the AI's judgment. The failure was infrastructure that gave the agent a token with blanket account permissions and stored backups inside the same volume it could delete. What an AI agent can do in your environment is a direct function of what you have allowed it to access. That is an infrastructure decision, not a model setting.

#aiagents#security#infrastructure#cloud

OpenClaw Has 135,000 GitHub Stars and 135,000 Exposed Instances

A major AI agent runtime with over 135,000 GitHub stars shipped without the runtime governance layer needed to operate AI agents safely at enterprise scale. Kubernetes provides compute isolation but has no concept of agent identity, tool-call authorization, or behavioral conformance. The gap between "agent runs in a container" and "agent is governed at runtime" is not closed by standard container security. This is the infrastructure problem AI teams are walking into at scale.

#aiagents#kubernetes#security#governance
Article

Vibe Coding Security Crisis: 48 Days of Exposed Source Code

A major AI coding platform left user source code and database credentials publicly accessible for 48 days through a basic API misconfiguration. Research shows AI-generated code ships with security vulnerabilities at more than twice the rate of human-written code, and most CI/CD pipelines deploy it without scanning. The platform has billions of dollars in valuation. AI code needs security review before it ships, not after.

#security#vibecoding#ai#devsecops

vLLM CVE: Someone Can Own Your AI Server With a Video Link

A vulnerability in vLLM allows an attacker to take over an AI inference server by sending it a URL pointing to a crafted video file. No authentication required, no user interaction beyond the server processing the request. Inference servers are becoming the new perimeter: they sit inside your network, they process untrusted external inputs, and they are updated far less frequently than web-facing services. Treat them accordingly.

#security#llm#vllm#kubernetes

LMDeploy Was Exploited 13 Hours After This CVE Dropped

A server-side request forgery vulnerability in a popular LLM inference server was exploited in the wild just 13 hours after public disclosure, with no published proof of concept available yet. The attack chain probed cloud metadata services, internal databases, and exfiltrated credentials via DNS. Inference servers running AI models sit inside your network perimeter with broad internal access. Treating them like public-facing web applications from a patching and isolation standpoint is no longer adequate.

#security#llm#kubernetes#aiinfrastructure

Axios Got a Critical Severity Score. Your Runtime Probably Already Blocks It.

A high-severity vulnerability in the Axios HTTP library chains prototype pollution into server-side request forgery and cloud credential theft. Standard Node.js deployments block the exploit chain at the protocol layer before it completes. Non-Node runtimes including Bun and Deno do not get that protection, and teams using custom HTTP agents may be exposed regardless. Patch to the latest version anyway: the real lesson is that a dependency vulnerability in one library can become an attack vector through a completely different library.

#nodejs#security#supplychain#axios

An AI Bot Opened 500 Pull Requests to Steal Your AWS Keys

An AI-powered script exploited a GitHub Actions design flaw to open hundreds of pull requests containing code that runs with full access to repository secrets when triggered. Fifty repositories were successfully compromised, with AWS keys, Cloudflare tokens, and Netlify credentials stolen. The pull requests were nearly identical and trivial to detect in hindsight. CI/CD pipelines that allow pull request workflows to access production secrets are the target: audit what can run on fork submissions.

#cicd#githubactions#security#devsecops

An AI Worm Hit npm Targeting Kubernetes Configs and AI Tool Credentials

An AI-powered worm hit npm that steals Kubernetes configs, Docker credentials, CI/CD secrets, and LLM platform API keys before spreading itself to every package the victim's npm publish token can reach. The worm hid inside a postinstall hook and ran silently during normal package installation. Twenty-two packages from a single AI company were affected, with over 30,000 combined monthly downloads. Any package that runs code on install is executing with full developer workstation access.

#npm#supplychainsecurity#kubernetes#security
Article

One Stolen Token. Five Ecosystems. 500,000 Machines.

The TeamPCP supply chain campaign is the most comprehensive CI/CD attack on record, hitting npm, Docker Hub, PyPI, GitHub Actions, and Bitwarden through a chain of stolen credentials. No zero-day exploits were required. The campaign relied entirely on the 94-day average window between credential rotation that most organizations maintain. The full anatomy of how each pivot worked is covered in our breakdown.

#supplychainsecurity#security#devops#kubernetes

TeamPCP Breached the European Commission Through a Compromised Docker Image

The TeamPCP supply chain campaign reached European Commission cloud infrastructure after a backdoored container image provided a foothold for large-scale credential theft. The campaign did not require a novel exploit: it relied on the average 94-day window most organizations leave between credential rotation cycles. Any team pulling container images from unverified sources without digest pinning is already exposed to the same technique.

#supplychainsecurity#security#docker#kubernetes
Article

TeamPCP Compromised Your Kubernetes Security Scanner to Backdoor Your Cluster

The TeamPCP supply chain campaign compromised Trivy, the open-source container scanner running inside thousands of CI/CD pipelines. If the payload found a Kubernetes service account token, it exfiltrated secrets from every namespace and deployed privileged workloads across every node in the cluster. The same stolen credentials then spread the attack to LiteLLM. Security tooling with cluster access is high-value supply chain infrastructure, and most teams give it far more privilege than it needs.

#supplychainsecurity#kubernetes#trivy#security

Checkmarx's Security Scanner Was Secretly Sending Your Results to Attackers

The TeamPCP supply chain campaign replaced official Checkmarx container images on Docker Hub with versions that ran scans normally and simultaneously exfiltrated results to attacker infrastructure. Any infrastructure code your pipeline scanned with the compromised images, Terraform, Kubernetes manifests, CloudFormation, should be treated as potentially exposed. This was the second Checkmarx infrastructure hit in two months by the same threat actor.

#supplychainsecurity#checkmarx#devsecops#docker

Your Bitwarden CLI Was a Credential Worm for 93 Minutes

The TeamPCP supply chain campaign reached password managers: Bitwarden's CLI was backdoored through a compromised GitHub Action in the tool's own build pipeline. The malware specifically targeted AI coding tool credentials including Claude Code, Codex, and Cursor alongside SSH keys and cloud secrets. It was a self-propagating worm that spread to any package your npm publish token could reach. If your team ran the affected version, rolling back the CLI is step one. Rotating every credential it could have touched is step two.

#supplychainsecurity#bitwarden#security#aitools

Docker's Authorization Plugin Goes Blind on Requests Over 1MB

A vulnerability in Docker Engine causes authorization plugins to silently skip inspection on requests larger than one megabyte, approving them automatically while the daemon processes the full content. An attacker who exploits this can run privileged containers, mount host volumes, and access credentials and Kubernetes configs. This is a variation of an incomplete fix for a 2024 vulnerability in the same component. Update Docker Engine and audit what your authorization plugins are actually inspecting.

#docker#security#containers#devsecops

Atlassian's Most Popular MCP Server Can Be Rooted With Two HTTP Requests

Researchers chained two vulnerabilities in an Atlassian MCP integration with four million downloads to achieve full server access with no authentication. One bug redirects internal traffic to attacker-controlled systems. The second writes arbitrary files to any path on the server. Two requests, zero credentials required. This was the fifth MCP server critical vulnerability in the same month, and the pattern is the same every time.

#mcp#security#atlassian#rce
Article

Anthropic Says MCP Remote Code Execution Is Expected Behavior

Security researchers disclosed a design flaw in MCP that allows remote code execution on servers running AI agents. Anthropic acknowledged the issue and classified the behavior as working as intended. Over 200,000 AI server instances were affected at the time of disclosure across tools including Claude Code, Cursor, and VS Code. Because the fix is not coming from upstream, runtime controls at the infrastructure layer are the only reliable defense.

#mcp#security#aiagents#claude
Article

The AI Coding Platform With 2,600 Exposed nginx Servers

A developer added an MCP endpoint to a popular nginx management interface and skipped one line of authentication middleware. Twenty-six hundred instances became fully exploitable with a single unauthenticated request. MCP endpoints are shipping faster than security reviews can catch them. Every new MCP integration your team adds to infrastructure is an attack surface that needs the same review as any other admin interface.

#mcp#security#nginx#aitools

The mcp-server-kubernetes RCE Works Through Prompt Injection

A vulnerability in the MCP server used to manage Kubernetes clusters allows attackers to run arbitrary kubectl commands by injecting malicious input into an AI agent conversation. The attack requires no direct access to the cluster: a crafted prompt to the AI agent is enough to trigger the exploit. The fix is upgrading to the patched version, but the broader issue is that any MCP server executing system commands on user input is an injection vector by design.

#kubernetes#mcp#security#aiagents
Article

An AI Coding Agent Deleted a Production Database in 9 Seconds

A developer asked an AI coding agent to fix a staging configuration issue. The agent found an unrelated cloud API token, used it to access production, and deleted the database along with the backups stored in the same volume. The AI did exactly what it was capable of doing. The failure was infrastructure: tokens with no scope limits, backups co-located with primary data, and no boundary between staging agents and production systems.

#aiagents#security#devops#cloud

Linux Kernel Bug Lets Attackers Escape Kubernetes Pods with 732 Bytes of Python

A nine-year-old Linux kernel vulnerability allows a Python script under 800 bytes to escape a container and access the host node. Because the kernel's page cache is shared memory across all containers on a node, a single pod compromise becomes a full node compromise. A working proof of concept is publicly available. Organizations running standard container runtimes should prioritize applying the kernel patch from their Linux distribution.

#kubernetes#security#linux#containers
Article

Vercel Was Breached Through a Connected AI Tool

Vercel's internal systems were accessed after an employee at an AI vendor they used was infected with credential-stealing malware. The attacker used an OAuth token to move from the vendor's environment directly into Vercel's systems with no re-authentication required. Customer environment variables, including API keys and secrets, were exposed. Every AI tool your team OAuth-connects to corporate Google Workspace is a persistent access path if that vendor gets compromised.

#security#oauth#aitools#supplychainsecurity

LiteLLM Had a Pre-Auth SQL Injection Exploited in 36 Hours

A pre-authentication SQL injection in the LiteLLM AI proxy was exploited within 36 hours of disclosure, giving attackers access to every API key stored in the system. That includes keys to OpenAI, Anthropic, AWS Bedrock, and any other provider your team had connected. This is not a typical web application breach: the blast radius is your entire cloud AI spend and every model provider account you run. Patch and rotate all stored provider credentials immediately.

#security#ai#llm#devsecops

Flowise Left 12,000 AI Agent Builders Exposed for Seven Months

A critical severity vulnerability in the Flowise visual agent builder allowed unauthenticated remote code execution through a component with no sandboxing. Active exploitation was confirmed in April, seven months after a patch was available. Over 12,000 instances remained exposed at the time of disclosure. If your team builds AI agents with any visual no-code platform, the hosted version's patch status is your risk, not just the vendor's.

#aiagents#security#rce#devsecops

Dynatrace Now Tracks What Your AI Coding Agents Cost

Dynatrace shipped observability for AI coding agents, and it covers five major tools in a single dashboard. Setup is just environment variables: if the agent emits telemetry, you get sessions, token usage, tool calls, errors, and dollar cost automatically. Platform teams see total spend and trends. Engineering leaders see agent activity mapped to actual commits and pull requests. You cannot govern AI tool usage across your organization until you can measure it, and now you can.

#platformengineering#aiagents#observability#devops

GitHub Enterprise Server Had a 55-Day Silent Exposure Window

A critical vulnerability in GitHub's infrastructure allowed full code execution via a single git push. GitHub silently patched its own cloud on March 4, but Enterprise Server operators had no idea their instances were exposed until public disclosure 55 days later. At the time of disclosure, most Enterprise Server installations were still running the vulnerable version. If your organization hosts its own GitHub instance, this is why keeping up with enterprise software advisories is not optional.

#github#security#devsecops#enterprise

Jenkins RCE: The Credentials Plugin Has a Path Traversal Bug

A path traversal vulnerability in the Jenkins Credentials Binding Plugin lets attackers write files anywhere on the filesystem. On the built-in node, arbitrary file write is remote code execution with no secondary exploit needed. The same security advisory also patched two stored cross-site scripting vulnerabilities in other popular plugins. If your organization runs Jenkins, check your plugin versions against the April 2026 security advisory now.

#jenkins#cicd#devsecops#security

PyTorch Lightning Got Supply-Chained

The most popular machine learning training library on PyPI shipped with malware hidden in a version that fires the moment you import it. The payload swept credentials from GitHub, cloud providers, Kubernetes configs, and developer environment files. This is the same threat actor that hit Bitwarden, Checkmarx, and LiteLLM in the same month. If your team ran any version of this library published in late April, treat every credential on that machine as compromised.

#supplychainsecurity#kubernetes#mlops#security