Tag

#AI Agents

Posts tagged "AI Agents".

Jul 7, 2026
Bear Metal: The Coding Agent We Point at Our Own Backlog

Bear Metal is Bluebear's open-source background coding agent: it works tickets delegated through Linear and opens pull requests through your GitHub App installation.

Aviv · 5 min read
Jul 6, 2026
The mandate gap: the agent risk your security stack can't see

Coding agents introduce a new class of risk: the gap between what a user authorized and what the agent actually did. Why your existing controls miss it, and how to govern intent instead of just actions.

Ido · 6 min read
Jun 8, 2026
The Missing Dependencies Hidden Inside AI Agent Skills and Plugins

We found 72 exported AI agent skills and plugins referencing package names that do not exist, creating an opening for slopsquatting attacks across npm, PyPI, and Cargo.

Noam · 6 min read
May 28, 2026
Baloo: The Code Reviewer We Built for Our Own Agents

Baloo is Bluebear's open-source GitHub App for self-hosted AI pull request review, built from the agent we used to review our own agent-generated code.

Amir · 4 min read
May 19, 2026
The Hidden Git Branch That Leaked 20,000+ AI Coding Sessions

While tracing the source of an AI coding-agent dataset, we found 20,000+ agent sessions exposed through public Git branches, including API keys, credentials, infrastructure details, and screenshots.

Noam · 5 min read
Apr 29, 2026
It's Not What the Model Writes. It's What the Agent Runs.

Recent threat intelligence details how cybercriminals are using headless coding agent frameworks on compromised hosts to automate source code exfiltration.

Ido · 3 min read
Mar 20, 2026
The Credentials Your AI Agent Sees (And Why You Should Care)

AI agents increasingly need credentials to act on our behalf, and by doing that are quietly turning local configuration files and shell profiles into a secondary, high‑risk credential store. That creates a new security boundary, a phenomena we call context‑window credential drift

Ido · 9 min read