Articles

LocalLLaMA readers quickly turned the story into an operator checklist: check Starlette, FastAPI, vLLM, LiteLLM, MCP servers, and anything exposed to the Internet.

Claude products now touch real tools, so the risk question is shifting from model persuasion to execution boundaries. Anthropic says users approved about 93% of Claude Code permission prompts, a number that weakens human-in-the-loop defenses.

The Megalodon campaign pushed 5,718 malicious commits into 5,561 GitHub repositories in roughly six hours. The target was not just application code, but GitHub Actions workflows that can expose cloud credentials, CI secrets, and deployment tokens.

TrapDoor pushed more than 34 malicious packages across npm, PyPI, and Crates.io after May 22. The sharpest twist is not just credential theft, but the attempt to poison .cursorrules and CLAUDE.md files read by AI coding assistants.

Reddit’s discussion focused on feasibility: can hidden audio survive microphones, speakers, and compression well enough to trigger real commands?

Bumblebee is a read-only scanner for macOS and Linux developer endpoints. Perplexity says it checks risky packages, MCP configs, editor extensions, and browser extensions without invoking package managers or install scripts.

GitHub confirmed on May 20, 2026 that threat group TeamPCP exfiltrated approximately 3,800 internal repositories after a GitHub employee installed a trojanized Nx Console VS Code extension that was live on the marketplace for just 11 minutes. Stolen credentials include 1Password vaults, Anthropic Claude Code configurations, npm, GitHub, and AWS tokens; TeamPCP is seeking $50,000 for the data on underground forums.

Valve has pulled the free horror game 'Beyond The Dark' from Steam after discovering it contained malware designed to steal user data, raising concerns for anyone who downloaded and installed the title.

Cloudflare tested Anthropic's security-specialized Mythos Preview model against their own infrastructure under Project Glasswing. Mythos can chain low-severity bugs into working exploits, demonstrating reasoning comparable to senior security researchers — but with inconsistent safeguards and significant triage overhead.

Linus Torvalds has warned that AI-powered vulnerability discovery tools are flooding the Linux kernel security mailing list with duplicate reports, creating what he calls 'unnecessary pain and pointless work.' He argues that AI-detected bugs are by definition not secret, and urges researchers to contribute patches rather than bare reports.

Archestra faced a deluge of AI-generated low-quality contributions: 253 bot comments on a single bounty issue, 27 untested PRs for one feature request. Their solution combines contributor onboarding verification with Git's --author flag to create a barrier that distinguishes AI-assisted human contributions from pure bot spam.

Google's Threat Intelligence Group detected the first confirmed AI-authored zero-day exploit in the wild—a Python script bypassing two-factor authentication in a popular open-source web admin tool, intercepted before criminals could launch a mass exploitation campaign.