Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
IntentProbe addresses a gap the post identifies in existing MCP security tooling: the inability of text-based classifiers to distinguish safe from poisoned tool descriptions when both use nearly identical vocabulary, a scenario where the post reports the strongest reproducible DeBERTa baseline scored 0% recall.
Audit every agent-initiated secret access with a stated reason, giving teams a traceable record of what coding agents like Claude Code accessed and why during a session.
Security and AI practitioners must account for a new class of adaptive malware that bypasses both traditional patch-based defenses and centralized AI safety controls by running open-weight models on compromised infrastructure at zero marginal cost to the attacker.
Security-conscious practitioners handling sensitive data in ChatGPT now have a deterministic, non-AI-evaluated control to block the exfiltration stage of prompt injection attacks — the hardest-to-defend leg of the threat model.
Watch git commit history for the string `HERMES.md` if using Claude Code on a Max plan — its presence can silently exhaust extra usage credits instead of drawing from included plan quota.
Check your git commit history for the exact string "HERMES.md" and review your extra usage at claude.ai/settings/usage if you use Claude Code on a Max plan, as this bug can silently drain hundreds of dollars in unexpected API-rate charges.
Windows developers evaluating AI coding agents now have a concrete sandboxed option in Codex, with an open-source Rust implementation they can inspect — unlike competing tools that leave Windows environments unsandboxed.
Teams using Claude Code for AWS work can adopt this pattern to let AI agents move freely across dev and staging environments while ensuring a human is always in the loop before any production account is touched — without modifying daily workflows.
Developers relying solely on PreToolUse hooks to protect secrets or restrict Claude Code agents should audit their threat model immediately — hooks only cover anticipated tool-call vectors, and a defense-in-depth approach with container isolation and secret brokers is required for meaningful containment.
Developers building MCP-connected agents can use ORBIT's compliance mapping as a concrete checklist to harden their deployments against the full OWASP MCP Top 10, including real-world attack patterns already exploited in the wild.