Two approaches to achieve local isolated execution of AI coding agents. On macOS, Agent Safehouse uses OS-native sandbox-exec for kernel-level restrictions, and on Windows, Codex uses the VM-based Windows sandbox.
WAN 2.2 image-to-video on Windows + RTX 4060 8GB VRAM in ComfyUI. The 5B fp8 model failed three times; the 14B Rapid distilled model with --lowvram offloading produced a 2-second clip in 111 seconds — vs 82 minutes on M1 Max 64GB. Working setup and what to avoid.
Russian APT28 started exploiting URL validation flaw in ieframe.dll (CVE-2026-21513, CVSS 8.8) in January 2026. We have laid out the technical mechanics of an attack chain that bypasses Mark-of-the-Web via LNK files and executes code outside the browser sandbox.
Testing the new LSP feature in Claude Code v2.0.74 with a PHP setup. phpactor fails on Windows, intelephense installs but isn't recognized — turns out it's already filed as Issue #14803.
A command-injection vulnerability was found in Windows PowerShell's `Invoke-WebRequest` cmdlet. When fetching a web page, embedded scripts could be executed.