✕ Clear all filters
16 articles
▶ Videos →

📰 Dev.to · Toni Antunovic

16 articles · Updated every 3 hours · View all reads

All Articles 112,955Blog Posts 122,514Tech Tutorials 28,843Research Papers 23,283News 16,811 ⚡ AI Lessons
Claude Code Has a Remote Instruction Channel. Here Is What That Means for Your Workflow.
Dev.to · Toni Antunovic 💻 AI-Assisted Coding ⚡ AI Lesson 1mo ago
Claude Code Has a Remote Instruction Channel. Here Is What That Means for Your Workflow.
A bootstrap API and a live feature-flag sync mean Anthropic can modify what Claude Code is told to do, at startup and every 60 seconds after, without shipping a
Constraint Decay: Why Your AI Coding Agent Passes Tests But Breaks Production
Dev.to · Toni Antunovic 💻 AI-Assisted Coding ⚡ AI Lesson 1mo ago
Constraint Decay: Why Your AI Coding Agent Passes Tests But Breaks Production
A new paper from arxiv shows LLM coding agents lose 30+ accuracy points as structural constraints accumulate, a phenomenon called constraint decay. Here is what
When Every PR Is a Rubber Stamp: What Automated Gates Catch That Exhausted Reviewers Miss
Dev.to · Toni Antunovic ☁️ DevOps & Cloud ⚡ AI Lesson 1mo ago
When Every PR Is a Rubber Stamp: What Automated Gates Catch That Exhausted Reviewers Miss
AI-generated PRs arrive 5x faster than human ones, but review speed has not changed. When reviewers are drowning in backlog, approval becomes a formality. Here
CLAUDE.md Is a Security Boundary
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 1mo ago
CLAUDE.md Is a Security Boundary
Configuration files can be exploited to inject persistent instructions via deeplinks and malicious PRs. Here is how to treat your agent config as the security b
Approve Once, Exploit Forever: The Trust Persistence Vulnerability Vendors Will Not Fix
Dev.to · Toni Antunovic 1mo ago
Approve Once, Exploit Forever: The Trust Persistence Vulnerability Vendors Will Not Fix
Claude Code, Codex CLI, and Gemini-CLI share a TOCTOU trust model that lets a single malicious commit permanently own every future agent session. All three vend
The Georgia Tech CVE Data Shows AI Code Tools Have a Volume Problem
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 2mo ago
The Georgia Tech CVE Data Shows AI Code Tools Have a Volume Problem
Georgia Tech tracked 35 CVEs filed in March 2026, with 27 traced to Claude Code output. Here is what the data actually means for security teams and why volume a
The MCP RCE That Anthropic Won't Patch: Your Enforcement Checklist
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 2mo ago
The MCP RCE That Anthropic Won't Patch: Your Enforcement Checklist
Anthropic confirmed the MCP STDIO remote code execution vulnerability is by-design behavior. With 150 million downloads affected and no protocol fix coming, her
572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 2mo ago
572K Weekly Downloads, One Preinstall Script: The SAP CAP Supply Chain Attack Your AI Agent Would Have Missed
Today Socket Research Team published a report that needs to be in your queue: four SAP CAP npm...
AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them
Dev.to · Toni Antunovic 💻 AI-Assisted Coding ⚡ AI Lesson 2mo ago
AI Hallucinated Dependencies Are the New Supply Chain Attack: How to Stop Them
AI coding agents invent package names that do not exist. Attackers register those exact names with malicious payloads. Here is how to validate every AI-generate
When Your Security Scanner Becomes the Weapon: Lessons from the Trivy Supply Chain Attack
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 3mo ago
When Your Security Scanner Becomes the Weapon: Lessons from the Trivy Supply Chain Attack
The TeamPCP group hijacked 75 tags of trivy-action on GitHub, turning every CI/CD pipeline that called Trivy into a silent credentials exfiltration machine. Her
npm Provenance and SLSA: The Supply Chain Hygiene Baseline Every Team Needs in 2026
Dev.to · Toni Antunovic 🔐 Cybersecurity ⚡ AI Lesson 3mo ago
npm Provenance and SLSA: The Supply Chain Hygiene Baseline Every Team Needs in 2026
The Axios supply chain attack exposed a critical gap: provenance attestations existed but a legacy token bypassed them entirely. Here is how to close that gap w
MCP Connector Poisoning: How Compromised npm Packages Hijack Your AI Agent
Dev.to · Toni Antunovic 🤖 AI Agents & Automation ⚡ AI Lesson 3mo ago
MCP Connector Poisoning: How Compromised npm Packages Hijack Your AI Agent
The axios npm supply chain attack of March 2026 deployed a RAT through AI coding agents autonomously running npm install. Learn how MCP connector poisoning work