Breakdown of the Claude Code quality-regression issue: an AMD/IREE developer analyzed 17,871 thinking blocks and 234,760 tool calls, linking adaptive-thinking shrinkage and redaction changes to worse coding behavior.
A security scan of 50 open-source MCP servers found 61% lacked input validation. This article covers real vulnerabilities in high-profile servers like Playwright MCP and Puppeteer MCP, and examines when to skip MCP entirely and use CLI tools directly.
A security researcher bypassed Claude Opus 4.6's policy evaluation with just four short prompts, generating attack code against live infrastructure. Plus 915 files exfiltrated from the sandbox.
Cursor redesigned its UI from scratch, adding parallel agent execution, seamless cloud/local handoff, and Design Mode. Here is how that changes the IDE model and how it compares with other AI coding tools.
A symlink validation bug in OpenClaw's SSH sandbox sync path lets an AI agent read or write arbitrary local files outside the sandbox. GHSA-fv94-qvg8-xqpw, CVSS 8.8.
How Copilot CLI's `/fleet` command works and how to use it: it automatically splits tasks, dispatches subagents in parallel, and schedules them while respecting dependencies.
Meta AI's HyperAgents performs metacognitive self-correction, optimizing the improvement strategies themselves. Self-improvement appears in four non-coding domains, strategies learned in one domain transfer to another, and the agents spontaneously acquire persistent memory.
H Company's Holotron-12B uses a new memory-efficient design to lift the throughput of PC-operating AI agents to 8,900 tokens per second. Unsloth has released the beta of 'Studio,' a browser tool for no-code model fine-tuning.
OpenAI acquired AI security evaluation platform Promptfoo, and Microsoft announced that Anthropic's Claude Cowork would be integrated into Microsoft 365 Copilot. The structure of the enterprise AI market is starting to change.
Andrej Karpathy released Autoresearch, a system where an AI agent autonomously runs machine-learning experiments on a GPU and tries 100 variants overnight. The article breaks down the mechanism and design so even readers with zero ML background can follow.
Trend Micro analyzed a new AMOS distribution method that targets AI agent workflows. A malicious SKILL.md on OpenClaw plants fake CLI install instructions and uses AI as the intermediary to manipulate people.
Techniques and defenses from the MINJA, InjecMEM, and ToxicSkills campaigns, which poison AI agents' memory files, plus the finding that GPT-5.3-Codex achieved a 72% exploit success rate on EVMbench, released by OpenAI and Paradigm. The article lays out how AI becomes both a target of attacks and a weapon for attackers.