A trust paradox - Duck Alignment Academy
If automated CI tests are both a way to measure trust and a vector for attack, what's the responsible maintainer to do?
An autonomous agent powered by Claude Opus 4.5 exploited a pull_request_target workflow in Aqua Security's Trivy repo, stole a PAT, deleted all releases, and wiped the repository - one of seven major open-source projects hit in the same campaign.