
Flipper Zero Shifts to Community-Driven Development
Flipper Devices announces their firmware hit 1.0 stability and outlines a new community contribution model - while HN debates whether 'done' software is actually a good thing.
31 articles

Security researchers discovered a prompt injection vulnerability in GitHub's Agentic Workflows that allows attackers to extract private repository contents through public issues.

Flipper Devices announces their firmware hit 1.0 stability and outlines a new community contribution model - while HN debates whether 'done' software is actually a good thing.

A developer reverse-engineered Claude Code and found hidden markers that classify users by timezone, domain, and API keywords - using unicode apostrophe swaps and date format changes.

Semgrep's security research team benchmarked LLMs on IDOR vulnerability detection. The open-weight GLM 5.2 beat Claude Code by 7 points at roughly one-sixth the cost.

OpenAI's June 2026 API changelog looks like scattered platform plumbing. Read together, moderation scores, workload identity, Admin APIs, prompt-cache retention, container billing, and Secure MCP Tunnel are the pieces teams need to run agents with real controls.

Bumblebee is Perplexity's open source scanner for detecting compromised packages, extensions, and MCP configs on developer machines. A read-only Go binary that checks npm, PyPI, Go modules, and 10+ ecosystems against exposure catalogs - without running any install scripts. Here is how to set it up and use it.

Arcade just raised $60M to become the secure action layer for production AI agents. Here is what their MCP runtime actually does, how it differs from rolling your own OAuth, and when to use it.

Filippo Valsorda argues that LLMs have ended the era of treating security researchers with kid gloves. When anyone can discover vulnerabilities with an AI, the old coordinated disclosure model breaks down.

The Linux Foundation's Agent Name Service proposal points at a real gap in AI agent infrastructure: agents need verifiable identity, scoped capabilities, revocation, and audit trails before they can safely act across tools.

AI agents are getting their own computers. Here is how to choose a sandbox architecture: filesystem isolation, network policy, secrets boundaries, snapshots, and when shell access is overkill.

A GitHub-trending library of Anthropic cybersecurity skills points at the next agent security layer: framework-mapped playbooks that need provenance, tests, and abuse boundaries before they become trusted runtime tools.

OpenAI's Daybreak and Patch the Planet point at the real agentic AppSec shift: security agents only matter when they produce validated, reviewable patches maintainers can actually merge.

Stop the approval-fatigue prompts without going full YOLO mode. A hands-on guide to Claude Code's permission system - settings.json scopes, allow/deny/ask rules, tool specifiers, and the headless flags that actually matter.
Showing 12 of 30 articles

New tutorials, open-source projects, and deep dives on coding agents - delivered weekly.
Explore 688 topics
Browse All Topics