Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
Fable 5's autonomous, MCP-connected execution model means a VS Code extension that looks completely clean can now silently influence an agent with real workspace permissions — a threat that traditional static analysis and reputation signals are not designed to catch.
Developers relying solely on PreToolUse hooks to protect secrets or restrict Claude Code agents should audit their threat model immediately — hooks only cover anticipated tool-call vectors, and a defense-in-depth approach with container isolation and secret brokers is required for meaningful containment.
Teams building production workflows on Claude should treat the Team plan and API as operationally distinct dependencies with separate failure modes, and establish out-of-band admin contacts and key-rotation procedures before a suspension occurs.
Security and AI practitioners should monitor Project Glasswing closely, as Mythos Preview's ability to autonomously find and exploit zero-days at scale — including in closed-source software via reverse engineering — signals that AI-driven vulnerability research is shifting from theoretical concern to operational reality.