Security

Compromised npm package silently installs OpenClaw on developer machines

While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.

The data center gold rush is warping reality

Is the data center building boom driven by competitive signaling or real demand? If adoption falls short, today’s boom will bring tomorrow’s bust.

What happens when you add AI to SAST

Bringing AI agents and multi-modal analysis to SAST dramatically reduces the false positives that plague traditional SAST and rules-based SAST tools.

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Kazakhstan’s SOS 102: Redefining Public Safety Through Innovation

Google adds automated code reviews to Conductor AI

The Conductor extension now can generate post-implementation code quality and compliance reports based on developer specifications.

Single prompt breaks AI safety in 15 major language models

The GRP‑Obliteration technique reveals that even mild prompts can reshape internal safety mechanisms, raising oversight concerns as enterprises increasingly fine‑tune open‑weight models with privileged training access.

Claude AI finds 500 high-severity software vulnerabilities

Anthropic is reporting the flaws to developers — but only after having humans verify them.

How to reduce the risks of AI-generated code

Vibe coding is fast, useful, and here to stay. The freedom it brings must be matched with awareness that security is necessary and cannot be assumed.

Beyond NPM: What you need to know about JSR

The JavaScript Registry makes building, sharing, and using JavaScript packages simpler and more secure, and you can use it with or without NPM.