Source Code Exfiltration in Google Antigravity‍TL;DR: We explored a known issue in Google Antigravity where attackers can silently exfiltrate proprietary source codeBy hiding malicious instructions ...

Using an AI coding assistant to migrate an application from one programming language to another wasn’t as easy as it looked. Here are three takeaways.

Are AGENTS.md files actually helping your AI coding agents, or are they making them stupider? We dive into new research from ETH Zurich, real-world experiments, and security risks to find the truth ...

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...

Abstract: Programming language source code vulnerability mining is crucial to improving the security of software systems, but current research is mostly focused on the C language field, with little ...

Abstract: The quality of modern software relies heavily on the effective use of static code analysis tools. To improve their usefulness, these tools should be evaluated using a framework that ...

AI tools are fundamentally changing software development. Investing in foundational knowledge and deep expertise secures your career long-term.

Despite rapid generation of functional code, LLMs are introducing critical, compounding security flaws, posing serious risks for developers.