
Friendly Fire: When a Security Scan Becomes RCE
AI Now Institute's Friendly Fire proof-of-concept turns Claude Code's auto-mode security scan into a remote code execution vector for attackers.
Tag

AI Now Institute's Friendly Fire proof-of-concept turns Claude Code's auto-mode security scan into a remote code execution vector for attackers.

Claude in Chrome hit general availability on July 1, 2026. Here's the permission model, the real prompt-injection risk, and safe usage practices.
Claude Code silently fingerprinted users by timezone and proxy since April, hid the signal in Unicode apostrophes, and Anthropic rolled it back on July 1.

OpenClaw became GitHub's most-starred repo in ~60 days. Here's what the self-hosted AI agent actually does, how the multi-channel setup works, and why it scares security folks.

curl's genuine-report rate cratered from over 15% to under 5% in 2025 as AI slop flooded HackerOne. Here's the signal-vs-noise fight facing maintainers.

Agentjacking hijacks AI coding agents through poisoned telemetry pulled via MCP. Here is the real threat model and an evergreen defense checklist.

This passkeys WebAuthn guide takes you from zero to a working, phishing-resistant login: the challenge-response ceremony, full flow, and production gotchas.