Archives
All the articles I've archived.
- Ghostty: The 'Harmless' Prompt Injection
Ghostty has shipped three security advisories in 18 months, each dismissed as requiring 'user interaction.' The pattern reveals something important about how the industry treats terminal injection — and why that framing is increasingly dangerous.
- Hermes Agent and the Search Provider Attack Surface
Hermes Agent's pluggable search provider architecture creates a layered attack surface most users don't see: prompt injection through search results, credential exfiltration via scheduled jobs, and silent query routing through third-party infrastructure.
- Agent Harnesses: A Standard for Structuring Agentic Systems
The word 'harness' is everywhere in AI agent development but means different things to different people. A new open standard proposes a precise definition and a directory convention to solve real problems: slow initialization, context blindness, and role maintainability.
- AI Agent Security: The Lethal Trifecta and the Rule of Two
Two complementary frameworks — Simon Willison's Lethal Trifecta and Meta's Rule of Two — explain why AI coding agents are reliably exploitable when they combine private data access, untrusted input, and external communication.