All articles tagged with security
North Korean hackers are using realistic technical assessments to deliver malware through npm packages. You clone a repo, run npm install, and your machine is compromised before you finish the coding challenge. This isn't hypothetical: it's an active, coordinated operation called Contagious Interview, and it's targeting crypto devs with surgical precision.
Started with a simple username/password form. Ended up debugging SAML XML and writing OPA Rego policies. One developer built a satirical site to capture the absurd complexity of modern authentication, and honestly, it's too real.
Match Group's Chemistry feature promises better matches by scanning your photos. What it delivers is surveillance capitalism dressed up as matchmaking, with your most intimate data as the price of admission. The dating app industry's privacy record suggests this will not end well.
Sockpuppetting hits 97% attack success on Qwen3-8B by prepending "Sure, here's how to..." to the model's output. No gradients, no optimization, just one line of inference code that outperforms GCG by 80 percentage points. The implications for self-hosted LLM deployments are wild.
The AI industry says anyone can ship code now. What they don't say: you're legally responsible for every security hole the AI creates, even if you can't read the code it wrote. Courts don't care that Claude scaffolded your auth system. If it leaks PII, you're liable.
Kai's MCP security server logged 210 AI agent interactions over three days. 54 contained actual prompt injection attempts: credential extraction, directory traversal, social engineering. Zero succeeded. Here's the full catalog of real-world MCP attack patterns, and why they failed.
Peter Steinberger built an open-source agent framework that lets AI actually do stuff instead of just chat. OpenAI hired him on Feb 15, 2026. Now the question isn't 'what can your chatbot say' but 'what can your agent ship.' Also: security is about to become everyone's problem.
Stack Overflow published how MCP authentication should work. I scanned 518 production servers to see what they actually do. Spoiler: 156 servers let anyone call tools that post tweets, trigger CI/CD, and send emails. No token required.
Austrian dev ships weekend project in November 2025. By February 2026: 200,000 GitHub stars, 42,000 exposed instances, 1,184 malicious packages, and a one-click RCE. Then OpenAI hired him. This is what happens when AI agents grow faster than their security model.
OpenClaw went from weekend project to OpenAI acquihire in three months. In between: 1,184 malicious packages, 42,000 exposed instances, and the fastest supply chain attack in open source history. This is what happens when AI agents grow faster than their security model.
Yannick Dixken found a critical vulnerability exposing divers' personal data. The organization's response? Legal threats and an NDA demand. Eight months later, users still haven't been notified. This is why responsible disclosure is dying.
Yannick Dixken responsibly disclosed a critical vulnerability exposing minors' data at a diving org. Their response? Legal threats, NDAs, and eight months of silence about user notifications. This is why we can't have nice things in security disclosure.