Latest

Web applications, especially single‑page applications (SPAs) rely heavily on client‑side JavaScript caching for performance and ensuring updates are seamless. Most JavaScript bundlers (vite, webpack, etc.) compile, optimize, and bundle source JavaScript into static assets that are served to the browser. These build pipelines append a hash to the filename of the bundled JS file for cache‑busting purposes. The hash is a unique identifier for the bundled JS file that is generated by the build pipeline.

Aikido Security recently uncovered a new class of CI/CD vulnerabilities they call **PromptPwnd**. The gist of the issue is simple: steps in the CI/CD workflows (e.g. GitHub Actions and GitLab pipelines) are increasingly using AI agents like Gemini CLI, Claude Code and OpenAI Codex to triage issues, label pull requests or generate summaries. These workflows sometimes embed untrusted user content—issue titles, PR descriptions or commit messages—directly into the prompts fed to the model. In this blog I will explore the core of the issue and some potential solutions.

The core of the issue with the Antigravity failure was that the AI assistant treated data as instructions, then executed those instructions through its tool layer with no human in the loop. This can happen not just in IDEs but agents in general.In this blog, I will demonstrate the failure using a local model and some scripting and will present good practices on how to prevent them.

From a development perspective, most AI security problems come from the workflow around the model, not the model itself. The issues usually show up in the inputs, the data paths, and the decisions that run without any guardrails.

Earlier this month, attackers compromised a popular npm maintainer via a phishing attack, then published malicious versions of 18 widely-used packages (including debug) that together have over 2 billion weekly downloads. These packages injected browser-side malware that intercepted cryptocurrency transactions, replacing wallet addresses with attacker-controlled ones using visually similar strings to evade detection. This was a supply chain attack with no CVE assigned at the time, meaning regular SCA scanners, which rely on published CVEs, could not detect it. In this post, I will explore an alternative approach of scanning for behavioral patterns and heuristics using small language models.