Posts related to security
14 posts
The litellm supply chain attack exfiltrated SSH keys, cloud credentials, and Kubernetes secrets from 97 million monthly downloads. A security scanner was the entry point. The scariest part: it was caught by accident.
Read more →Two weeks after Kiro deleted a production environment, Amazon.com itself went down for 6 hours. 1,500 engineers are petitioning for Claude Code. The safeguards are arriving after the damage.
Read more →Prompt injection through pull requests, GitHub Issues, and CI/CD pipelines is turning AI coding assistants into weapons against the developers who use them. The 2026 attack surface nobody's talking about.
Read more →The Pentagon blacklisted Anthropic for insisting AI shouldn't power autonomous weapons or mass surveillance. Hours later, it gave OpenAI a deal with weaker guardrails dressed up as the same thing. From a developer who ships with Claude daily.
Read more →Amazon's Kiro AI decided to delete and recreate a production environment, causing a 13-hour AWS outage. Amazon says it was human error. That framing is the problem.
Read more →Anthropic accused DeepSeek, Moonshot and MiniMax of industrial-scale distillation. The internet screamed hypocrisy. They're conflating two very different things.
Read more →AI coding tools create a legal paradox: the code you ship likely can't be copyrighted, but it might infringe someone else's. All the liability, none of the protection.
Read more →Anthropic's safety lead quit saying the world is in peril. Half of xAI's founders are gone. OpenAI dissolved two safety teams. Here's what that looks like from the other side of the API.
Read more →OpenClaw went from 0 to 111K GitHub stars in two months. It also went from 0 to hundreds of exposed instances with full credentials in Shodan. The security story nobody wants to hear.
Read more →For compliance, privacy, or just freedom from cloud dependencies - here's how to run Claude Code with local models via Ollama. No API calls leaving your machine.
Read more →Real footgun stories and the deterministic hooks that would've prevented them. From $30k API key leaks to nuked home directories.
Read more →Stop manually copying .zshrc between machines. Tether syncs dotfiles and global packages with end-to-end encryption.
Read more →When expensive SSO was just a symptom of deeper architectural problems, we redesigned our multi-tenant system from first principles and cut costs significantly in the process.
Read more →Real lessons from shipping multiplayer games with Firebase: what works for small groups, where it breaks down, and the scalability limits you need to know upfront.
Read more →