Skip to main content

Posts

Latest Typosquatting Attack Targeting VS Code Tools Hits Windsurf IDE

Cybersecurity researchers from Bitdefender, a provider of an endpoint detection and response (EDR) platform, have discovered an extension to the Windsurf integrated development environment (IDE) that steals credentials and data after code is downloaded from the Solana blockchain platform. Silviu Stahie, a security analyst for Bitdefender, said the extension makes use of typosquatting tactics to make it appear as though it is a legitimate instance of REditorSupport, an extension that provides an IDE to developers that are building applications using the R programming language that is typically used to build statistical computing and data visualization applications. Windsurf, like most AI coding tools, is based on Visual Studio (VS) Code, an open source AI code editor. The issue that more DevSecOps teams need to be aware of is that fake extensions to tools based on VS Code are now being employed more widely to compromise software supply chains, said Stahie. In this instance, the ex...
Post a Comment
Read more
Recent posts

Microsoft Field Engineers Built a Six-Agent Research Pipeline in VS Code That Fact-Checks Its Own Output

A customer deploys AKS in a regulated environment, hits an issue during node bootstrapping, and wants to know exactly what happens when a node joins the cluster. The question sounds simple. The answer is spread across the AgentBaker source code, the cloud-provider-azure module, a Microsoft Learn article, three abstraction levels above what actually runs on the node, and the institutional knowledge of a teammate who may or may not be online. That’s the daily reality for Microsoft’s Global Black Belts — field engineers handling deep technical questions about Azure Kubernetes Service (AKS) and Azure Red Hat OpenShift (ARO). Two of them, Diego Casati and Ray Kao, built a system that does what they do: retrieve, correlate, verify, and write up the answer. They call it Project Nighthawk. What Nighthawk Does Nighthawk is a multi-agent research system built inside VS Code with GitHub Copilot. You type a command like /Nighthawk how does AKS implement KMS encryption with customer-managed k...
Post a Comment
Read more

Giving AI Agents the Keys to Real Infrastructure

AI coding assistants can generate pull requests faster than most teams can review them, and that mismatch is creating a new kind of bottleneck across engineering organizations. The volume of AI-generated code is growing rapidly, but without a reliable way to validate that code against real production environments, teams are left choosing between slowing down to manually review everything or accepting the risk of pushing untested changes forward. Alan Shimel speaks with Sumeet Vaidya, CEO and co-founder of Crafting.dev, about the emerging concept of closed-loop autonomous development. The idea is straightforward: rather than treating AI agents as tools that hand off code for humans to verify, give those agents the ability to test their own output against live dependencies and real infrastructure before a human ever needs to get involved. The conversation explores what it takes to make that work in practice. Traditional sandboxing approaches struggle to replicate the complexity of...
Post a Comment
Read more

Survey Surfaces Increased Reliance on Open Source Software to Build Apps

A survey of 712 IT professionals finds that programming languages and frameworks (49%), followed closely by ​databases and data technologies (46%), DevOps/GitOps/DevSecOps tooling (39%) and cloud and container technologies (38%) are the areas where open source software is most widely adopted. Conducted in collaboration with the Open Source Initiative (OSI) consortium and the Eclipse Foundation, the survey also finds nearly half (49%) of respondents reporting they have increased use of open source software in the last year, with 21% describing that increase as significant. Nearly half (49%), however, said usage of open source software remained the same in the last year. Not surprisingly, the primary reason cited for adopting open source software was reduced costs derived from no licensing fee (62%), followed by avoiding vendor lock-in (55%). Despite that level of adoption, roughly a third of respondents also noted they still struggle with Security updates and patches (39%), instal...
Post a Comment
Read more

How AI is Shaping Modern DevOps and DevSecOps

AI is no longer a side experiment in software delivery. Gartner estimates that by 2028, three-quarters of enterprise software engineers will use AI code assistants, up from less than 10% in early 2023 . That scale matters because it shifts day-to-day work across the entire software development lifecycle — from what makes it into the backlog to how we release and learn after incidents. From SDLC to Flow: What Really Changes Across planning and design, AI reduces noise. Backlogs get de-duplicated, related items are grouped, and dependency-heavy work is surfaced earlier, so sprints start clearer. During build and test, assistants suggest edge cases, flag risky changes, and help teams focus on the small number of issues that truly threaten stability. In release and operations, AI connects the dots between recent deploys, logs and user impact, so responders get to the first safe action faster. None of this is magic; it’s shorter feedback loops and better signals, stitched into the work...
Post a Comment
Read more

Meta Researchers Show AI Agents Can Verify Code Without Running It — and Hit 93% Accuracy

Can an AI agent determine whether two code patches are functionally equivalent without executing either one? Meta researchers Shubham Ugare and Satish Chandra say yes — if you give the agent the right reasoning structure. Their paper, “Agentic Code Reasoning,” published in March, introduces a technique called semi-formal reasoning that improves AI agents’ ability to analyze code semantics across three practical tasks: Verifying whether patches produce the same behavior, localizing bugs in codebases, and answering questions about how code works. The results are strong enough to matter for how DevOps teams think about code review, verification, and training pipelines. The Problem With How Agents Reason About Code AI agents can navigate codebases, read files, trace dependencies, and gather context. But when asked to make judgments about what code does — whether a patch is safe, whether two implementations are equivalent, where a bug lives — they tend to guess rather than prove. Stan...
Post a Comment
Read more

Developers Using Anthropic Claude Code Hit by Token Drain Crisis

Developers never really voiced any major desire to enter the age of AI coding; they always appeared quite happy to tap away at both chiclet and clacky mechanical keyboards into the wee small hours on manual coding tasks. But that relaxed indifference changed once real coding assistants came onto the scene. Among the most appealing tools in this space is Anthropic’s Claude Code, an AI-powered command-line coding assistant that helps developers write, edit, debug and automate code. But there’s no such thing as a free lunch or an unlimited Claude Code quota, even on the company’s $200 annual subscription deal. Limited to a Relative Multiplier According to Claude itself, “Max 20x ($200/month) is the top individual tier with 20x Pro usage, at which level rate limits stop being a practical concern for most full-day development work. That’s essentially the extent of the official promise, i.e., it’s a relative multiplier, not a hard number.” Since March, 2026, Claude Code Max subscriber...
Post a Comment
Read more