| ▲ | watty an hour ago | |
Just to clarify, and I know you weren't saying they are related, but this has absolutely nothing to do with AI or vibe coding or manager code. It's a continuation of the Shai Halud worm and the lack of security around developer dependnecy installations, which has existed for a very long time. Hackers have figured out that developers themselves are an ideal target due to how easy it is to trick them into installing something and how much private information they have on their machines (creds, cloud clis, mcps, etc.). | ||
| ▲ | madeofpalk 7 minutes ago | parent [-] | |
As with many other things, AI exacerbates this problem. It’s so easy for many more of things things to happen unattended and in greater volume, and the AIs themselves can be tricked into doing these things, not helped by their patten of “prompt the user to approve 30 different inscrutable pythons and bash scripts”. | ||