Blog

Jul 6, 2026
The mandate gap: the agent risk your security stack can't see

Coding agents introduce a new class of risk: the gap between what a user authorized and what the agent actually did. Why your existing controls miss it, and how to govern intent instead of just actions.

Ido · 6 min read
Jun 8, 2026
The Missing Dependencies Hidden Inside AI Agent Skills and Plugins

We found 72 exported AI agent skills and plugins referencing package names that do not exist, creating an opening for slopsquatting attacks across npm, PyPI, and Cargo.

Noam · 6 min read
May 28, 2026
Baloo: The Code Reviewer We Built for Our Own Agents

Baloo is Bluebear's open-source GitHub App for self-hosted AI pull request review, built from the agent we used to review our own agent-generated code.

Amir · 4 min read
May 19, 2026
The Hidden Git Branch That Leaked 20,000+ AI Coding Sessions

While tracing the source of an AI coding-agent dataset, we found 20,000+ agent sessions exposed through public Git branches, including API keys, credentials, infrastructure details, and screenshots.

Noam · 5 min read
Apr 29, 2026
It's Not What the Model Writes. It's What the Agent Runs.

Recent threat intelligence details how cybercriminals are using headless coding agent frameworks on compromised hosts to automate source code exfiltration.

Ido · 3 min read
Apr 20, 2026
The Hidden Attack Surface Inside Every Coding Agent

Most teams still talk about coding agents as if they're just LLMs that write code. That misses the real security picture.

Ido · 2 min read
Mar 20, 2026
The Credentials Your AI Agent Sees (And Why You Should Care)

AI agents increasingly need credentials to act on our behalf, and by doing that are quietly turning local configuration files and shell profiles into a secondary, high‑risk credential store. That creates a new security boundary, a phenomena we call context‑window credential drift

Ido · 9 min read
Mar 11, 2026
The Coding Agent Ecosystem Is Now a Target

Attackers aren't just targeting what coding agents do — they're going after the entire ecosystem around them. InstallFix is only the latest example.

Ido · 4 min read