#codesecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #codesecurity, aggregated by home.social.
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
How Anthropic’s Model Context Protocol Allows for Easy Remote Execution
-
Cursor's $29.3B code editor marketed Composer 2 as an "in-house" model. A developer found the actual model ID within 24 hours: it was Kimi K2.5, built by Beijing's Moonshot AI. This marks the second undisclosed use of Chinese models in four months, raising questions about transparency when users route proprietary code through these systems.
#AITransparency #CodeSecurity #TechAccountability
https://www.implicator.ai/opinion-cursor-called-it-in-house-it-was-built-in-beijing/
-
Cursor's $29.3B code editor marketed Composer 2 as an "in-house" model. A developer found the actual model ID within 24 hours: it was Kimi K2.5, built by Beijing's Moonshot AI. This marks the second undisclosed use of Chinese models in four months, raising questions about transparency when users route proprietary code through these systems.
#AITransparency #CodeSecurity #TechAccountability
https://www.implicator.ai/opinion-cursor-called-it-in-house-it-was-built-in-beijing/
-
Anthropic launches AI security tool that can find software bugs humans miss | Fortune https://fortune.com/2026/02/20/exclusive-anthropic-rolls-out-ai-tool-that-can-hunt-software-bugs-on-its-own-including-the-most-dangerous-ones-humans-miss/ #cybersecurity #Anthropic #codesecurity #ClaudeCodeSecurity #codereview
-
👾 Behold, the breathtaking breakthrough of rendering #graphics at the speed of a caffeinated snail using the legendary micro-teeny-tinygrad! 🎨✨ Apparently, #GitHub has decided we need yet another #AI tool to clutter our already overflowing virtual garages. Who knew code security could be so... miniscule? 🔍🔒
https://github.com/quantbagel/gtinygrad #Tools #MicroTinygrad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
🎉 Ah, the KIM-1 turns 50, and what better way to celebrate than a GitHub demo no one asked for, buried under a pile of buzzword salad? 🤖 Just remember, folks: nothing screams "party" like platform #AI and code security lingo. 🎂
https://github.com/netzherpes/KIM1-Demo #KIM1 #50thAnniversary #GitHubDemo #BuzzwordSalad #CodeSecurity #HackerNews #ngated -
“Noise reduction alone isn’t the goal; accuracy on real risks is.”
— James Wickett, CEO & Co-founder, DryRun SecurityWhy application security needs context at code review - and why intent matters more than alert volume.
-
Đang tìm kiếm mô hình/công cụ để quét và phát hiện mã độc trong dự án mã nguồn mở. Đang cân nhắc Nemotron, GPT-OSS, Qwen Coder hoặc liệu có mô hình điều chỉnh/tập trung chuyên sâu nào khác hỗ trợ? Cần gợi ý từ cộng đồng! #AiAnToan #PhanTichMa #OSS #CodeSecurity #MalwareDetection
https://www.reddit.com/r/LocalLLaMA/comments/1psr8rl/looking_for_modelsprojects_to_scan_and_detect/
-
AI models often miss IaC security flaws—not because they lack power, but because they lack focus.
This benchmark shows how accuracy improves when AI gets clear context, tight scope, and an understanding of why a fix works.
It’s the difference between a quick patch and real remediation.
At AppSec Village, we appreciate sponsors like Symbiotic AI, who push for true precision in AI-powered security.
Read the full article →
https://www.symbioticsec.ai/blog/cracking-code-insights-ai-powered-code-security-remediation?utm_source=apv&utm_medium=technical&utm_campaign=apv&utm_id=apv -
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
Developer-first security isn’t buzzwords or “shift left.”
It’s giving developers context, clarity, and tools that reduce cognitive load—not add more alerts or friction.
This article breaks down why most approaches fall short, and what real developer-first security looks like in practice.
At AppSec Village, we’re here for sponsors like Symbiotic Security who actually support how developers work.
-
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
🚨 OH NO! React Server Components can't catch a break! 🎉 Just when you thought it was safe to deploy... surprise! More vulnerabilities! 😱 But hey, at least they're not letting hackers run wild with RCE, just crash your server and peek at your code. 🤦♂️ So much for smooth sailing, React team!
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components #ReactServerComponents #vulnerabilities #ServerCrash #CodeSecurity #HackerNews #HackerNews #ngated -
Contagious Interview attackers go ‘full stack’ to fool developers https://www.csoonline.com/article/4098699/contagious-interview-attackers-go-full-stack-to-fool-developers.html #SoftwareDevelopment #SecurityPractices #CodeSecurity #Security
-
"AI-driven security and spec-first IDEs are revolutionizing software development. Tools like Defender for Cloud and GitHub Advanced Security offer runtime insights, while spec-first tools like Kiro and Spec Kit embed security into code from the start. Faster remediation, better security, and a shift from code-first to intent-first development. #AIInnovation #DevSecOps #SpecFirst #CodeSecurity #SoftwareEngineering"
-
Code Formatting Tools Share Secrets by the Thousands: Researchers https://thecyberexpress.com/code-formatting-tools-share-secrets/ #TheCyberExpressNews #leakedcredentials #TheCyberExpress #FirewallDaily #codesecurity #CyberNews #Dataleak
-
OpenAI Aardvark: The AI Security Tool for Developers Are you ready for AI-powered security?
https://eproductempire.blogspot.com/2025/11/openai-aardvark-gpt-5-security-tool.html #OpenAI #Aardvark #GPT5 #AISecurity #CyberSecurity #DeveloperTools #CodeSecurity #DevSecOps #TechNews #AI -
OpenAI has launched Aardvark, an autonomous “agentic security researcher” powered by GPT-5.
It scans codebases for vulnerabilities, validates exploitability in sandboxed environments, and auto-generates potential patches.
Early reports show 10+ CVEs identified in open-source projects.
What’s your view - is AI-driven vulnerability research the future of cybersecurity or another layer of risk?
#CyberSecurity #OpenAI #GPT5 #Aardvark #Infosec #AI #DevSecOps #VulnerabilityManagement #MachineLearning #CodeSecurity #TechNews
-
What does “developer-first security” really look like?
This article from Symbiotic Security unpacks why more alerts ≠ better security.At AppSec Village, we believe these convos are key to bridging security + devs.
-
via @dotnet : .NET and .NET Framework October 2025 servicing releases updates
https://ift.tt/8fz4RwU
#DotNet #DotNetFramework #October2025 #SecurityUpdates #CVE #SoftwareDevelopment #Programming #ReleaseNotes #TechUpdates #DevCommunity #CodeSecurity #SoftwareEng… -
El lado del mal - CodeMender: Un Agente IA para buscar bugs y parchear código fuente https://www.elladodelmal.com/2025/10/codemender-un-agente-ia-para-buscar.html #AgenticAI #Ciberseguridad #IA #AI #BugBounty #Bug #Gemini #InteligenciaArtificial #OpenSource #Hardening #CodeSecurity
-
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
😱 Breaking news: Someone discovered a #webshell and a normal file share an MD5 hash! 🚨 Stop the presses, this changes everything! Meanwhile, #GitHub is busy deploying #AI to write better code while nobody noticed the hash collision between a sandwich and a rock. 🍔🗿
https://github.com/phith0n/collision-webshell #BreakingNews #HashCollision #CodeSecurity #HackerNews #ngated -
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling. #AICoding #SecureDevelopment #CodeSecurity #SoftwareDevelopment
https://jpmellojr.blogspot.com/2025/09/how-ai-coding-tools-can-learn-to.html -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
🚨 OMG! Someone published evil Nx versions! 😱 Quick, panic and run to GitHub's 'sparkly' AI tools that promise to fix everything with a single click! 🤖✨ Because, of course, code security is just one magical AI away from being solved. 🙄
https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c #evilNxVersions #GitHub #AITools #codeSecurity #panicMode #techHumor #HackerNews #ngated -
🛡️ Vibekit @superagent_ai
Open-source AI agent security. Features Docker sandbox, secret redaction, access monitoring, and prompt-injection blocking. Safeguards your .env file.
https://www.everydev.ai/tools/vibekit
#CodeSecurity #AICoding #AgentOps #AppSec #DevTools #OpenSource
-
AI coding tools are a security hazard. Replit's AI destroyed data; Amazon's Q was weaponized. Risks include vulnerabilities, blind trust, and skill erosion. Urgent need for guardrails & oversight. #AIrisks #CodeSecurity #TechEthics #SoftwareDevelopment
-
This article shows how well model inversion reconstructs code and shares vulnerable examples from ChatGPT, CodeGen, and GitHub Copilot. https://hackernoon.com/model-inversion-efficacy-and-qualitative-vulnerability-examples-from-llms #codesecurity
-
This article details code deduplication, prompt transfer, dataset creation, benchmarks, and the effect of sampling temperature on finding vulnerabilities. https://hackernoon.com/the-art-of-prompt-swapping-temperature-tuning-and-fuzzy-forensics-in-ai #codesecurity
-
This article shows "secure code" prompts fail on ChatGPT, more examples find more bugs, and the method effectively targets C code vulnerabilities. https://hackernoon.com/an-analysis-of-chatgpt-instructions-few-shot-scaling-and-c-code-vulnerability-generation #codesecurity
-
This article details the LLMs used (CodeGen, ChatGPT) and a test finding vulnerabilities in GitHub Copilot using the study's few-shot prompting method. https://hackernoon.com/llm-details-and-finding-security-vulnerabilities-in-github-copilot-with-fs-code #codesecurity
-
This article discusses prompt transferability and limitations, concluding with a method for finding and benchmarking LLM code vulnerabilities. https://hackernoon.com/echoes-in-the-code-the-lasting-impact-and-future-path-of-ai-vulnerability-benchmarking #codesecurity
-
This article evaluates LLMs like CodeGen/ChatGPT on vulnerable code gen via few-shot prompting, prompt transferability, and a security benchmark. https://hackernoon.com/experimenting-with-chatgpts-vulnerability-volcano-and-prompt-party-tricks #codesecurity
-
This article proposes few-shot prompting for black-box LLM inversion, generating non-secure prompts to trigger code vulnerabilities via static analysis. https://hackernoon.com/systematic-discovery-of-llm-code-vulnerabilities-few-shot-prompting-for-black-box-model-inversion #codesecurity