Posts related to security
19 posts
Anthropic launched Project Glasswing using Claude Mythos Preview to find zero-days in critical infrastructure. A 72.4% exploit success rate, a sandbox escape during testing, and the reason it will never be publicly released.
Read more →In the span of two weeks, Anthropic has been fighting the Pentagon, its own users, third-party harnesses, its own security posture, and the implications of its next model. The common thread is control.
Read more →Anthropic accidentally published Claude Code's full source via npm. Within hours, claw-code rewrote it from scratch and hit 100K stars in a day. The interesting part isn't the leak - it's what the architecture reveals.
Read more →Axios got supply-chain attacked. Claude Code's source code leaked from a stray map file. Both happened on the same day. Both are pipeline failures. The pattern is getting louder.
Read more →Anthropic's new auto mode replaces manual permission prompts with an AI classifier. It's a clever solution to a real problem - but the problem it's solving is that the human in human-in-the-loop was never really there.
Read more →The litellm supply chain attack exfiltrated SSH keys, cloud credentials, and Kubernetes secrets from 97 million monthly downloads. A security scanner was the entry point. The scariest part: it was caught by accident.
Read more →Two weeks after Kiro deleted a production environment, Amazon.com itself went down for 6 hours. 1,500 engineers are petitioning for Claude Code. The safeguards are arriving after the damage.
Read more →Prompt injection through pull requests, GitHub Issues, and CI/CD pipelines is turning AI coding assistants into weapons against the developers who use them. The 2026 attack surface nobody's talking about.
Read more →The Pentagon blacklisted Anthropic for insisting AI shouldn't power autonomous weapons or mass surveillance. Hours later, it gave OpenAI a deal with weaker guardrails dressed up as the same thing. From a developer who ships with Claude daily.
Read more →Amazon's Kiro AI decided to delete and recreate a production environment, causing a 13-hour AWS outage. Amazon says it was human error. That framing is the problem.
Read more →Anthropic accused DeepSeek, Moonshot and MiniMax of industrial-scale distillation. The internet screamed hypocrisy. They're conflating two very different things.
Read more →AI coding tools create a legal paradox: the code you ship likely can't be copyrighted, but it might infringe someone else's. All the liability, none of the protection.
Read more →Anthropic's safety lead quit saying the world is in peril. Half of xAI's founders are gone. OpenAI dissolved two safety teams. Here's what that looks like from the other side of the API.
Read more →OpenClaw went from 0 to 111K GitHub stars in two months. It also went from 0 to hundreds of exposed instances with full credentials in Shodan. The security story nobody wants to hear.
Read more →For compliance, privacy, or just freedom from cloud dependencies - here's how to run Claude Code with local models via Ollama. No API calls leaving your machine.
Read more →Real footgun stories and the deterministic hooks that would've prevented them. From $30k API key leaks to nuked home directories.
Read more →Stop manually copying .zshrc between machines. Tether syncs dotfiles and global packages with end-to-end encryption.
Read more →When expensive SSO was just a symptom of deeper architectural problems, we redesigned our multi-tenant system from first principles and cut costs significantly in the process.
Read more →Real lessons from shipping multiplayer games with Firebase: what works for small groups, where it breaks down, and the scalability limits you need to know upfront.
Read more →