Why OpenAI Had To Build A Real Windows Sandbox For Coding Agents
OpenAI's new Windows sandbox work for Codex shows that useful coding agents cannot live on vague trust. They need operating-system boundaries that match real developer workflows.
// Topic
A small GitHub token format change exposed a brittle security assumption in Composer and turned ordinary GitHub Actions logs into a credential leak path for PHP teams.
GitHub's new generally available MCP secret scanning turns credential leaks into a live coding-time problem instead of a post-commit cleanup job. That is exactly where AI agents need security guardrails.
Microsoft and Mozilla have both shown that AI vulnerability discovery works best as a pipeline, not a magic model. The next security advantage belongs to teams that can turn model output into proven fixes.
New benchmark results suggest frontier AI agents are no longer limited to spotting vulnerabilities. Some can turn real software flaws into working exploits.