<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Bluebear Blog</title><description>Field notes, threat models, and product thinking from the team building the security control plane for AI coding agents.</description><link>https://bluebear.io/</link><item><title>Bear Metal: The Coding Agent We Point at Our Own Backlog</title><link>https://bluebear.io/blog/introducing-bear-metal/</link><guid isPermaLink="true">https://bluebear.io/blog/introducing-bear-metal/</guid><description>Bear Metal is Bluebear&apos;s open-source background coding agent: it works tickets delegated through Linear and opens pull requests through your GitHub App installation.</description><pubDate>Tue, 07 Jul 2026 00:00:00 GMT</pubDate><author>Aviv</author></item><item><title>The mandate gap: the agent risk your security stack can&apos;t see</title><link>https://bluebear.io/blog/the-mandate-gap/</link><guid isPermaLink="true">https://bluebear.io/blog/the-mandate-gap/</guid><description>Coding agents introduce a new class of risk: the gap between what a user authorized and what the agent actually did. Why your existing controls miss it, and how to govern intent instead of just actions.</description><pubDate>Mon, 06 Jul 2026 00:00:00 GMT</pubDate><author>Ido</author></item><item><title>The Missing Dependencies Hidden Inside AI Agent Skills and Plugins</title><link>https://bluebear.io/blog/agent-skills-plugins-slopsquatting/</link><guid isPermaLink="true">https://bluebear.io/blog/agent-skills-plugins-slopsquatting/</guid><description>We found 72 exported AI agent skills and plugins referencing package names that do not exist, creating an opening for slopsquatting attacks across npm, PyPI, and Cargo.</description><pubDate>Mon, 08 Jun 2026 00:00:00 GMT</pubDate><author>Noam</author></item><item><title>Baloo: The Code Reviewer We Built for Our Own Agents</title><link>https://bluebear.io/blog/introducing-baloo-bear/</link><guid isPermaLink="true">https://bluebear.io/blog/introducing-baloo-bear/</guid><description>Baloo is Bluebear&apos;s open-source GitHub App for self-hosted AI pull request review, built from the agent we used to review our own agent-generated code.</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate><author>Amir</author></item><item><title>The Hidden Git Branch That Leaked 20,000+ AI Coding Sessions</title><link>https://bluebear.io/blog/hidden-git-branch-leaking-secrets/</link><guid isPermaLink="true">https://bluebear.io/blog/hidden-git-branch-leaking-secrets/</guid><description>While tracing the source of an AI coding-agent dataset, we found 20,000+ agent sessions exposed through public Git branches, including API keys, credentials, infrastructure details, and screenshots.</description><pubDate>Tue, 19 May 2026 00:00:00 GMT</pubDate><author>Noam</author></item><item><title>It&apos;s Not What the Model Writes. It&apos;s What the Agent Runs.</title><link>https://bluebear.io/blog/not-what-model-writes-what-agent-runs/</link><guid isPermaLink="true">https://bluebear.io/blog/not-what-model-writes-what-agent-runs/</guid><description>Recent threat intelligence details how cybercriminals are using headless coding agent frameworks on compromised hosts to automate source code exfiltration.</description><pubDate>Wed, 29 Apr 2026 00:00:00 GMT</pubDate><author>Ido</author></item><item><title>The Hidden Attack Surface Inside Every Coding Agent</title><link>https://bluebear.io/blog/hidden-attack-surface-coding-agents/</link><guid isPermaLink="true">https://bluebear.io/blog/hidden-attack-surface-coding-agents/</guid><description>Most teams still talk about coding agents as if they&apos;re just LLMs that write code. That misses the real security picture.</description><pubDate>Mon, 20 Apr 2026 00:00:00 GMT</pubDate><author>Ido</author></item><item><title>The Credentials Your AI Agent Sees (And Why You Should Care)</title><link>https://bluebear.io/blog/credentials-your-ai-agent-sees/</link><guid isPermaLink="true">https://bluebear.io/blog/credentials-your-ai-agent-sees/</guid><description>AI agents increasingly need credentials to act on our behalf, and by doing that are quietly turning local configuration files and shell profiles into a secondary, high‑risk credential store. That creates a new security boundary, a phenomena we call context‑window credential drift</description><pubDate>Fri, 20 Mar 2026 00:00:00 GMT</pubDate><author>Ido</author></item><item><title>The Coding Agent Ecosystem Is Now a Target</title><link>https://bluebear.io/blog/coding-agent-ecosystem-under-attack/</link><guid isPermaLink="true">https://bluebear.io/blog/coding-agent-ecosystem-under-attack/</guid><description>Attackers aren&apos;t just targeting what coding agents do — they&apos;re going after the entire ecosystem around them. InstallFix is only the latest example.</description><pubDate>Wed, 11 Mar 2026 00:00:00 GMT</pubDate><author>Ido</author></item></channel></rss>