News and Tech Update

The threat group behind the notorious Mini Shai-Hulud worm last month put the complete source code for the malware into a GitHub repository, essentially open sourcing the threat so that other bad actors can create their own variants. GitHub reportedly took down the repository shortly after it appeared, but the damage was already done, with multiple forks created, according to Datadog security researchers. The modular framework that the threat group, TeamPCP, put into the repository included tools for credential harvesting, supply chain poisoning, and encrypted data exfiltration aimed at developer workstations and CI/CD pipelines, increasingly popular targets for attackers. The released source code also indicated evolving capabilities for persistence through the integration of AI agents and for stealing via Sigstore provenance. “The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” the researchers wrote in a report...

Postman added an artificial intelligence (AI) agent to its portfolio of tools and platforms for building and governing application programming interfaces (APIs) that can autonomously perform tasks ranging from development and documentation to exploration and setting up integrations with continuous integration/continuous deployment (CI/CD) environments. Company CEO Abhinav Asthana said the Autonomous API Engineer significantly reduces the total cost of building and maintaining APIs by automating time-consuming tasks that have historically created bottlenecks in software engineering workflows. In fact, the AI agent developed by Postman will make it significantly simpler to integrate API development and testing within those workflows, said Asthana. Designed to be triggered from a pull request, Slack, Postman command line interface (CLI) or the Postman app, the Autonomous API Engineer spins up a secure, sandboxed environment. It then executes tasks and returns verified artifacts, includ...

IBM and Red Hat aren’t the only ones that mean to lock down open-source code against AI hacking tools. Last week, IBM and Red Hat launched Project Lightwell to protect open-source projects with $5 billion and 20 thousand engineers. Not to be outdone, with tongue in cheek, Chainguard ’s CEO Dan Lorenc announced a $50 million, 100‑engineer commitment as an attempt to “build new trust infrastructure for open source consumption.” Why? Because Lorenc argues that open source consumption “is fundamentally broken, and no amount of incremental improvement is going to fix it in time.” I wish I could disagree, but he’s right. In his blog post, The Hardest Fork , Lorenc warns “ Mythos is real,” pushing back on those who dismiss Anthropic’s scary code scanner as hype or a “marketing stunt.” He describes the Mythos findings as “novel combinations of a few dozen issues out of thousands of things every SAST [Static Application Security Testing] scanner already finds, chaine...

Modern DevOps practices have completely transformed how we handle compute and orchestration. Tools like Kubernetes enable engineering teams to spin up ephemeral containers in seconds and scale workloads dynamically to meet global demand. Yet the underlying network infrastructure has remained stubbornly rigid. Traditional cloud networking relies heavily on static IP addresses, rigid firewall rules, and slow DNS propagation. This creates a severe architectural mismatch where highly dynamic compute layers are trapped inside static network topologies. This friction becomes a critical failure point when deploying modern distributed workloads. Artificial intelligence applications and autonomous multi-agent systems are inherently transient. They migrate across cloud providers to optimize for GPU availability or drop down to local edge devices for data collection. Every time a container restarts or shifts to a new environment, its physical IP address changes. This IP churn breaks stateful con...

The agentic coding space is getting more crowded. xAI has made Grok Build 0.1, its fastest coding model, available via the xAI API in public beta. That means developers can now build directly on top of the same model that powers xAI’s Grok Build CLI — without needing a SuperGrok or X Premium+ subscription. This is a meaningful step. Until now, access to Grok Build has been limited to paying subscribers using the CLI. Opening it up through the API puts it in front of a much wider developer audience and positions it as a tool for building AI-powered applications, not just using one. What the Model Does Grok Build 0.1 is a coding model specifically trained for agentic coding tasks, including web development, debugging, and MCP support. It’s designed for multi-step workflows where an AI agent needs to plan, reason, and act — not just generate a block of code in response to a single prompt. The model accepts text and image inputs and produces text output, with a 256,000-token...

Anthropic has introduced dynamic workflows in Claude Code, and the feature addresses a problem that most development teams know well: some engineering tasks are simply too large and complex for a single AI agent to handle in a single pass. With dynamic workflows, Claude Code can now write its own orchestration scripts and spin up tens to hundreds of parallel subagents within a single session. Those subagents divide the work, check each other’s findings, and hand you a single coordinated result — without requiring you to build out a full agent pipeline yourself. The feature is available today in research preview across the Claude Code CLI, Desktop and VS Code extension for Max, Team and Enterprise plans. It’s also accessible through the Claude API, Amazon Bedrock, Vertex AI and Microsoft Foundry. What it’s Built For Dynamic workflows are designed for tasks where scope is the limiting factor. Think about a bug hunt across an entire service, a migration that touches h...