GitHub releases the layered defense design of the agent execution platform, and OpenAI releases the instruction hierarchy training data IH-Challenge and model. Two responses to prompt injection arrived at once, one on the infrastructure design axis and one on the training axis.
Anthropic found 22 CVEs in Firefox's JS engine with Claude, while GitHub Security Lab reported more than 80 vulnerabilities in apps built on the OSS framework Taskflow Agent.
Five new features for Copilot coding agent — model selection, self-review, security scanning, custom agents, and CLI integration — plus bidirectional Figma-Codex integration via MCP. Also covers Copilot CLI GA and comparison with Claude Code Figma integration.
GitHub has released the Copilot SDK in technical preview. It exposes the Copilot CLI agent runtime as a programmable interface and supports custom tools as well as MCP server connections.
Using Jeff Geerling's article as a starting point, this piece looks at how low-quality AI-generated contributions are increasing the burden on open source maintainers, along with responses from curl and GitHub.
An explanation of a new attack technique that abuses GitHub’s fork feature and commit display behavior to distribute malware via links that look like official repository URLs.
Use gh-setup-hooks to install the GitHub CLI automatically and complete the whole flow, from branch merge to Vercel deploy, directly in the web environment.