Posts

Cloudflare Security Audit Skill: Multi-Phase AI-Powered Security Audits for Code Repositories

Cloudflare's security-audit-skill is an open-source skill for AI coding agents that performs structured, multi-phase security assessments of software repositories. Rather than relying on ad hoc vulnerability searches, it guides the agent through a six-phase workflow consisting of reconnaissance, parallel vulnerability hunting across multiple attack classes, adversarial validation by independent agents, deduplication, machine-readable report generation, and schema validation. The methodology emphasizes reporting only demonstrably exploitable vulnerabilities with concrete attack scenarios, while reducing false positives through independent verification. Designed as the foundation of Cloudflare's Vulnerability Discovery Harness (VDH), the skill supports coding agents capable of tool use and parallel sub-agents, producing actionable security findings instead of generic best-practice recommendations. https://github.com/cloudflare/security-audit-skill

GhostApproval: A Trust Boundary Gap in AI Coding Assistants

Wiz Research introduces GhostApproval , a category-wide vulnerability affecting multiple AI coding assistants, including Amazon Q Developer, Claude Code, Cursor, Google Antigravity, Augment, and Windsurf. The attack exploits symbolic links (CWE-61) to trick AI agents into writing to sensitive files outside the project workspace, while approval dialogs often display only the benign-looking workspace path rather than the actual target (CWE-451: User Interface Misrepresentation of Critical Information). In some cases, the agent internally recognizes the true destination but presents misleading information to the user, undermining the "human-in-the-loop" security model; in Windsurf, writes were observed to occur before user approval. The research recommends resolving canonical paths before prompting users, clearly displaying the real destination of file operations, enforcing workspace boundary validation, and ensuring that no filesystem changes occur until explicit authorization ...

GitLost: How We Tricked GitHub's AI Agent Into Leaking Private Repositories

Noma Security introduces GitLost , an indirect prompt injection attack against GitHub Agentic Workflows that can coerce AI-powered GitHub agents into disclosing data from private repositories. By embedding malicious instructions inside a seemingly legitimate public GitHub issue, an attacker can exploit agents that have overly broad repository permissions, causing them to retrieve confidential files and publish them in public comments. The research demonstrates that prompt-based guardrails can be bypassed with minor linguistic changes, highlighting that the root cause is architectural rather than a simple implementation bug. The authors recommend enforcing least-privilege permissions, isolating agents that process untrusted content from those with access to sensitive repositories, limiting public output channels, and treating all externally supplied content as untrusted input.  https://noma.security/blog/gitlost-how-we-tricked-githubs-ai-agent-into-leaking-private-repos

Build Your Own Vulnerability Harness

Cloudflare presents the architecture behind its AI-powered Vulnerability Discovery Harness (VDH), a model-agnostic framework for large-scale vulnerability research. Rather than relying on a single coding agent, the system orchestrates multiple specialized AI agents across stages including reconnaissance, vulnerability hunting, adversarial validation, deduplication, dependency tracing, feedback, and reporting. Findings are independently verified using a separate Vulnerability Validation System (VVS) powered by a different model, reducing false positives through adversarial cross-checking. The post emphasizes that orchestration—not any specific LLM—is the key to scalable AI-assisted security research, and describes techniques for persistent state management, automated triage, cross-repository analysis, and continuous vulnerability discovery. Cloudflare also releases its initial security-audit skill as an open-source starting point for building similar security workflows.  https://bl...

Solving the Identity Crisis for AI Agents

This Uber Engineering blog describes how the company redesigned its identity and access management architecture to securely support production AI agents. Instead of treating agents as generic service accounts, Uber gives each agent a unique cryptographic identity, issues short-lived JWTs through a Security Token Service (STS), and propagates an actor chain that preserves the originating user and every intermediary agent involved in a workflow. The architecture leverages SPIFFE/SPIRE workload identities, scoped credentials, MCP-aware authorization, and end-to-end audit trails, enabling fine-grained access control, accountability, and secure delegation across multi-agent systems while reducing the risks of overprivileged agents and poor attribution.  https://www.uber.com/us/en/blog/solving-the-agent-identity-crisis/

Metano SkillTracer: Free AI Agent Skill Security Scanner

SkillTracer is a free security scanner from Metano Labs that analyzes AI agent skills before they are installed or executed. It combines static analysis (SAST) with dynamic sandbox execution (DAST) to detect malicious behaviors such as credential theft, prompt injection, remote code execution, data exfiltration, MCP/tool poisoning, and obfuscated code. The scanner produces transparent risk and threat scores aligned with the OWASP Agentic Top 10, OWASP AIVSS, and MITRE ATLAS, along with evidence-backed reports to help developers evaluate the safety of third-party AI skills.  https://labs.metano.ai/scanner

NIST Enrichment Reductions Impact CVE Coverage, Accuracy

This article examines the impact of NIST's decision to prioritize enrichment for only a subset of CVEs in the National Vulnerability Database (NVD). While the change helps the agency address a growing backlog by focusing on high-impact vulnerabilities—such as those in CISA's Known Exploited Vulnerabilities (KEV) catalog, federal software, and critical infrastructure—it also leaves many newly disclosed CVEs without NIST-provided CVSS scores, CPE mappings, or additional analysis. Researchers warn that organizations relying heavily on NVD enrichment may face reduced visibility and less accurate vulnerability prioritization, increasing the need for alternative intelligence sources and risk-based vulnerability management practices. https://www.darkreading.com/vulnerabilities-threats/nist-enrichment-reductions-cve-coverage-accuracy