#security

17 articles

Ethereum Foundation Found Real Bugs With AI Audits — This Changes Smart Contract Security

The Ethereum Foundation used AI-powered audits to uncover real vulnerabilities in smart contract code — validating that coding age…

Claude Code's Steganographic Date Stamp — When Developer Tools Play Spy Games

A reverse engineer found Claude Code silently encodes API gateway info into system prompt punctuation. We unpack the article, the …

Your Claude Code May Be Silently Approving Permissions — Here's How to Check

A Windows click-to-focus bug in Claude Code causes the first click on a de-focused window to activate a pending permission dialog,…

Claude Code Has Been Embedding Steganographic Markers in Your Prompts — Here's the Full Story

Anthropic's Claude Code silently marks system prompts with invisible Unicode steganography to detect Chinese AI labs and API resel…

Your Background Subagents Can Leak Secrets — Build the Isolation Model

A freshly filed, reproducible Claude Code security issue shows background subagents stalling and emitting authorization-shaped pro…

Your Claude Code May Ask 700+ Permission Prompts Per Session — Here's How to Check

Claude Code's compound-command permission system can flood you with hundreds of prompts per session, even for read-only commands l…

Codex Tightens Sandbox Enforcement for Memory Consolidation

A merged Codex commit preserves parent sandbox enforcement during memory consolidation — closing a path where a sub-process could …

Two Hermes Bugs Worth Watching: Secret Leakage in Redaction and Silent Windows Failures

Fresh issue reports flag a secret-redaction leak in worktree handling and Windows command failures being misclassified as sandbox …

Codex App Crashes and Leaks Its Own System Instructions in the Error Message

A reproducible crash in Codex Desktop spills internal system prompts into the error output — revealing exactly how the agent is in…

What Your Coding Agent Knows About Your Codebase

Every file, every credential, every API key — your agent sees everything. Here's what you should know about agent visibility and c…

Stop Worrying About Which Agent Is Best — Start Worrying About Safety

Everyone compares benchmark scores. Nobody's asking the important question: can your coding agent delete your database?

Zero Just Prevented a Windows Taskkill Hijack — And You Didn't Even Know It Was Possible

Gitlawb Zero resolved an absolute path for taskkill on Windows to prevent binary hijacking. A security fix that protects your enti…

Oh My Pi Migrated xAI Auth to Device Flow — Here's Why That's a Big Deal

Oh My Pi switched from API key authentication to device flow for xAI. More secure, more reliable, and no more API key management.

Gitlawb Zero Just Got Paranoid About Permissions — And You Should Be Too

Zero now rejects malformed permission payloads before prompting. A critical security hardening for the agent that runs in your ter…

Your Cron Jobs Were Leaking Secrets — Hermes Just Fixed the Security Hole

Hermes cron jobs were running under the wrong secret scope. A fix ensures every scheduled task uses the correct profile credential…

Hermes Just Plugged a Secret Leak You Probably Didn't Notice

Hermes added a case-insensitive .env file guard. If you thought naming a file '.ENV' would bypass detection — it won't anymore.

Hermes Browser Automation Just Got Security Hardened — Here's What Changed

Hermes shipped private-page guards for its CDP browser integration. The agent can browse sensitive pages without leaking data.