Toni Antunovic
Author Profile
Source: dev.to
A bootstrap API and a live feature-flag sync mean Anthropic can modify what Claude Code is told to do, at startup and every 60 seconds after, without shipping an update. Here is what the mechanism looks like and what you should do about it.
From Dev.to - devsecops: What LucidShark Would Have Caught Before the TanStack Attack Landed
From Dev.to - devsecops: How to Review Code Your AI Agent Wrote While You Were Sleeping
From Dev.to - security: Approve Once, Exploit Forever: The Trust Persistence Vulnerability Vendors Will Not Fix
From Dev.to - webdev: The Georgia Tech CVE Data Shows AI Code Tools Have a Volume Problem
From Dev.to - security: CVE-2026-26268: How Cloning a Repo Can Now Execute Attacker Code in Your AI IDE
From Dev RSS Feed: The MCP RCE That Anthropic Won't Patch: Your Enforcement Checklist
From Dev.to - security: 572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed
This article was originally published on LucidShark Blog. In December 2025, OWASP released something the security community had been waiting for: a threat model built specifically for autonomous AI agents. Not chatbots. Not LLM APIs. Agents: systems that plan, use tools, call ext