Bear Metal: The Coding Agent We Point at Our Own Backlog
Bear Metal is Bluebear's open-source background coding agent: it works tickets delegated through Linear and opens pull requests through your GitHub App installation.
Read the post

Coding agents introduce a new class of risk: the gap between what a user authorized and what the agent actually did. Why your existing controls miss it, and how to govern intent instead of just actions.

We found 72 exported AI agent skills and plugins referencing package names that do not exist, creating an opening for slopsquatting attacks across npm, PyPI, and Cargo.

Baloo is Bluebear's open-source GitHub App for self-hosted AI pull request review, built from the agent we used to review our own agent-generated code.

While tracing the source of an AI coding-agent dataset, we found 20,000+ agent sessions exposed through public Git branches, including API keys, credentials, infrastructure details, and screenshots.

Recent threat intelligence details how cybercriminals are using headless coding agent frameworks on compromised hosts to automate source code exfiltration.

Most teams still talk about coding agents as if they're just LLMs that write code. That misses the real security picture.

AI agents increasingly need credentials to act on our behalf, and by doing that are quietly turning local configuration files and shell profiles into a secondary, high‑risk credential store. That creates a new security boundary, a phenomena we call context‑window credential drift

Attackers aren't just targeting what coding agents do — they're going after the entire ecosystem around them. InstallFix is only the latest example.