Don’t want to miss my next post? Follow me on X or connect on LinkedIn Summary We all know AI reshaped how we build software. Autocomplete evolved into AI agents that can autonomously act on behalf of the user. As vendors compete on “productivity” they add additional capabilities that significantly affect the security posture of their products. Around 6 months ago, I decided to dig into the world of AI IDEs and coding assistants because they were gaining popularity and it was clear they are here to stay. The first vulnerabilities I found were focused on narrow components - a vulnerable tool, writeable agent configuration or writeable MCP configuration that leads to anything from data exfiltration to remote code execution. Those issues are serious, but they only affect a single application at a time (and were publicly disclosed multiple times).
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed…
A groundbreaking security research project has uncovered a new class of vulnerabilities affecting virtually every major AI-powered integrated development environment (IDE).
Moonwalk++ stack telemetry bypass (@KlezVirus), a pile of Mediatek CVEs (@hyprdude), AppleScript decompiler (@__pberba__), SCOM hacking (@unsigned_sh0rt + @breakfix), .NET SOAP disaster (@chudyPB), and more!
How to secure AI-assisted development workflows without slowing teams down.