One in Four AI Agent Skills Are Vulnerable, NVIDIA Finds
NVIDIA open-sourced a security scanner for AI agent skills and the research behind it is more alarming than the tool itself. The repo is called SkillSpector. NVIDIA says research found 26.1% of agent skills contain vulnerabilities, and 5.2% show likely malicious intent. This is from a study of 42,447 skills pulled from major marketplaces the kind of skills people are already installing into Claude Code, Codex CLI, Gemini CLI, and every other agent framework that ships today. One in four is broken. One in twenty is hostile. SkillSpector scans for 64 vulnerability patterns across 16 categories: prompt injection, credential exfiltration, privilege escalation, supply-chain attacks, memory poisoning, rogue self-modifying agents, MCP tool poisoning, YARA malware signatures, even taint-tracking for "credentials flow to a network sink without sanitization." It runs locally. It does static + optional LLM semantic analysis. It outputs SARIF, so it drops straight into CI. But the part worth sitting with is the category names themselves. 1. Rogue Agent: self-modification at runtime. 2. Memory Poisoning: content designed to persist across interactions. 3. Tool-Based Exfiltration of system prompts. 4. Excessive Agency: autonomous decision-making without a human in the loop. These aren't theoretical anymore. NVIDIA is shipping detectors for them because they're being found in the wild, at scale, on marketplaces real users install from. And notice who is shipping this. Not a scrappy security startup. NVIDIA the company selling the picks and shovels of the entire AI economy is now also writing the threat model for it. (For context: this is the same posture Microsoft took with Windows Defender in the 2000s. When your platform is everywhere, you can't outsource the safety layer.) Agent skills were sold to us as a productivity feature drop a folder into a directory, your agent gets new capabilities. The reality is closer to npm in 2016: a vast ecosystem of executable code, installed with implicit trust, and statistically certain to contain something hostile. The agent ecosystem just got its first SAST tool. It also got proof it needed one. ngl really impressed. https://t.co/IetIcYoTkS
Cut Zapier Costs with Free Open‑Source Automation
I'm done paying Zapier $800 a month after finding this. It's called Activepieces. An open-source automation platform with AI-powered nodes and a visual builder that looks suspiciously like Zapier. • 200+ integrations • AI nodes (LLM calls native to the workflow) • Self-host or...
Gemma 4 12B Adds Zero‑latency On‑device AI for Desktops
"In tandem with the Gemma 4 12B launch, we are officially introducing powerful on-device developer integrations powered by LiteRT-LM, bringing zero-latency local AI execution natively to standard desktop environments ..." https://t.co/LJXt8b0wfa < dev guide for Gemma 4 12B
GitHub's GH-600 Cert Makes Agentic AI Skills Mandatory
🚨 The "Agentic AI Developer" is no longer a buzzword. It’s a formal credential. @github just dropped the GH-600 certification. This isn't about writing prompts. It’s about integrating AI agents safely into CI/CD pipelines without introducing catastrophic failures. To pass this 120-minute exam, you...
Open‑Source GStack Turns Claude Into Full‑Stack Dev Team
100K GITHUB STARS IN JUST A FEW WEEKS 🤯 @GarryTan’s GStack has gone completely viral, and for good reason. The YC CEO open-sourced his personal toolkit, and it's the ultimate cheat code for devs. It turns Claude Code from a basic chatbot...
Salesforce Slashes 231‑day Migration to 13 Days
Salesforce published a detailed writeup on going agentic with Claude Code. A couple things jumped out. A migration they'd scoped at 231 days shipped in 13. One PR delivered 21 endpoints at 100% test coverage.
Optimizing AI Cold Starts on Cloud Run
A Guide to AI Cold Starts on Cloud Run https://t.co/VmrOVZBN5c < running inference on a serverless stack is pretty amazing. How can you tune performance for faster startup? Good post from @shirmeir86 https://t.co/cqzRqL8cF0
Feature Flagging Drives Advanced Cloud‑Native Maturity
Only 6-7% of teams reach the "advanced" cloud native tier. I assumed it took more Kubernetes, service mesh, the hard stuff. The CNCF Q1 2026 data proved me wrong. The actual bridge? Feature flagging - and the report explains exactly why it...
Joule Studio 2.0 Enables Spec‑Driven Enterprise Development
Joule Studio 2.0 is the real headline from Sapphire 2026. "Enterprise vibe coding" - spec-driven development from intent -> testing -> deployment, on an open architecture. #AI #CIO https://t.co/sHzTSfMtMT
Stabilized Kubernetes Production by Optimizing Scaling and Monitoring
I was about the biggest problem at work related to my role which I have resolved? One of the biggest challenges I resolved involved recurring production instability in a Kubernetes environment supporting customer-facing applications. The platform experienced intermittent downtime due to...
InsForge Lets Coding Agents Manage Full Backend Infrastructure
.@InsForge turns your coding agent into a principal backend engineer. Backend servers, database, LLM gateway, frontend deployment, and more. Every primitive built for how coding agents actually work, so they can run your entire infrastructure. Congrats on the launch, @hanghuang_ &...
Essential AWS DevOps Tools Every Cloud Engineer Needs
AWS DevOps services every cloud engineer should know ☁️⚙️ CI/CD, containers, serverless, monitoring, IaC, and automation — all in one roadmap. 🚀
AI‑written Code Meets On‑call Chaos—Rootly Saves Production
🤖 Half your codebase was written by AI. 👤 The other half by someone who left two years ago. Guess who's on-call when it breaks. New video on Rootly AI SRE - the partner that's got your back when prod goes down. 👇 Link...
Streamlining to ~20 Essential SaaS Providers
Wavespeed for GPU (Photo AI + Interior AI) Cloudflare for R2 storage and domain renewal xAI for LLM AI API for all my sites Backblaze for backups Hetzner for VPS Scrapingbee for scraping (mostly for Hotelist) Google Cloud (also for Hotelist) NameCheap (for like 4 domains left...
AI Makes Exhaustive Testing Affordable, Not Just Faster
It's not that AI lets you write code faster. Plenty of people have noticed that. It's that AI lets you verify at a level that was previously too expensive to sustain. The 90% testing threshold is magical, but it used...