Practical guides on verification-first security, for teams shipping with AI coding agents, PR gates, and fast-moving product teams who would rather prove it than suspect it.
·5 min read·Anyone running Fortinet firewalls, or wondering whether their patched systems are actually patched.
75,000 Fortinet firewalls compromised across 194 countries. No zero-day. No novel exploit. Credential reuse and a hashing migration that never finished. The PBKDF2 gap is the story every other post missed.
Attackers adopted orphaned Arch Linux packages, injected malicious PKGBUILDs that install credential-stealing malware via npm preinstall hooks. eBPF rootkit hides the payload from ps and htop. The official repos were fine. The AUR was not.
FulcrumSec dumped 4.8TB of student data from Global Schools Group. 12K passwords in plaintext, every one identical. S3 buckets with no locks. An old ransomware infection they never actually cleaned.
Pliny the Liberator jailbroke Claude Fable 5 in less than a day using a multi-agent 'pack hunt.' 1,000 hours of pre-launch red-teaming missed it. Single-model safety evals always will.
A fake Sentry alert, dressed as a runbook and tagged like permissions for an AI agent, tried to get it to run a typosquatted npx command. This is the lethal trifecta in an ops costume. The fix is to stop treating operational text as trusted.
Meta gave its support AI the power to change account emails, then let a VPN-spoofable location vouch for you. Attackers asked it to swap the email and walked into the Obama, Sephora, and Space Force accounts. The design lesson for anyone shipping an AI agent.
OX Security found an RCE in the official MCP SDK. Anthropic calls it expected. Here is how you know if you got owned, and the playbook to lock it down.
Socket Research disclosed a postinstall-hook campaign across 700+ GitHub repositories today. Different actor than TeamPCP. Same playbook. One config change kills the entire attack class.
TeamPCP spent May 2026 working through the security industry like a hit list. How to tell if you're already infected, what to do if you are, and what hardens you for the next wave.
Bots find a leaked OpenAI key in under four minutes. Lovable apps shipped with wide-open Supabase databases. The Tea breach. Every disaster has the same shape, and avoiding it doesn't take a security degree.
Each prompt is engineered for a coding agent. Explicit scope, regex patterns, output format specs, edge case handling. Paste one at Cursor, Lovable, or Claude Code and let it do the actual security work.
Static analysis produces suspicion. Exploit verification produces evidence. For teams building with agents, that distinction is the difference between a fix and a false close.