AI platforms leaked real data this month: Lovable exposed every pre-2025 project via a BOLA bug, and Vercel lost env vars after an over-privileged AI assistant was compromised. At the same time, open models like Kimi K2.6 are hitting top coding benchmarks at a fraction of Claude’s token cost, while many teams quietly double down on Proxmox+Docker, Postgres+pgvector, and other boring-but-hardened infra.
The flash is in AI, but the reliable patterns are cheap open models on simple stacks, with auth and orchestration now the main places things break.
Key Events
/Lovable exposed all projects created before November 2025 via a Broken Object Level Authorization bug that let any authenticated user query any project.
/Hackers breached Vercel after an employee’s malware-infected machine granted an AI tool broad Google Workspace access, stealing env vars and demanding a $2M ransom.
/GitHub paused new signups for GitHub Copilot Pro plans and is preparing token-based billing for Copilot users.
/Open-source model Kimi K2.6 reached a 58.6 SWE-Bench Pro score and is marketed as roughly 94–95% cheaper than Claude Opus 4.7 on OpenRouter.
/Git 2.54 shipped with config-based hooks, an experimental 'git history' command, and improved history-rewriting tools.
Report
AI-centric tooling had a bad month for trust: the Lovable app builder exposed all projects created before November 2025 via a Broken Object Level Authorization bug, and Vercel’s breach originated from an AI tool with broad Google Workspace access on a malware-infected employee machine that led to env var theft.
At the same time, open models like Kimi K2.6 are hitting state-of-the-art coding scores at far lower token prices while GitHub and Copilot reshape their offerings with a signup freeze, upcoming token billing, and evidence that only about 1% of AI-generated repos are production-ready.
auth and ai tooling breaches got real
Lovable shipped with a Broken Object Level Authorization bug that let any authenticated user query any project without ownership checks. The issue affected all projects created before November 2025.
It was still open 48 days after being reported on HackerOne, despite millions of users relying on the platform.
Vercel’s incident started with an employee whose machine was infected with infostealer malware and who had granted an AI tool broad access to Google Workspace; attackers then used that access to reach internal systems and customer env vars.
The attackers tried to sell stolen authentication tokens and demanded a $2M ransom, highlighting how over-privileged AI tools and OAuth tokens turn into a supply-chain risk.
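The missing ownership check behind a Broken Object Level Authorization bug, shown next to the corrected handler. This is an added illustration, not Lovable's code; the project store, user names and function names are hypothetical.

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller may not read the requested object."""


@dataclass(frozen=True)
class Project:
    id: str
    owner_id: str
    collaborators: frozenset
    source: str


# Constructed sample data, not taken from any real platform.
PROJECTS = {
    "p-100": Project("p-100", "alice", frozenset({"carol"}), "alice's app"),
    "p-200": Project("p-200", "bob", frozenset(), "bob's app and env vars"),
}


def get_project_vulnerable(session_user, project_id):
    # BOLA: authentication is checked, but the object is fetched by ID and
    # returned without comparing its owner to the caller.
    if session_user is None:
        raise Forbidden("login required")
    return PROJECTS[project_id]


def get_project_fixed(session_user, project_id):
    # Authorize against the object itself on every access.
    if session_user is None:
        raise Forbidden("login required")
    project = PROJECTS.get(project_id)
    allowed = project is not None and (
        session_user == project.owner_id or session_user in project.collaborators
    )
    if not allowed:
        # Same error for "missing" and "not yours", so the response does not
        # reveal which IDs exist.
        raise Forbidden("project not found")
    return project


def can_read(handler, user, project_id):
    try:
        handler(user, project_id)
        return True
    except Forbidden:
        return False
```

A regression test for this class of bug always uses two accounts: one that owns the object and one that is merely logged in.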
copilot, github, and low-signal stars
GitHub has shifted its homepage away from pure Git repo hosting toward AI and collaboration features, while also pausing new signups for GitHub Copilot Pro and related plans to keep the service stable.
Microsoft plans to move Copilot to token-based billing, moving away from simple seat-based pricing. A review of AI-generated GitHub repositories found that only about 1% passed production readiness checks.
In parallel, developers are calling GitHub’s star system a "fake star economy," saying stars are easily gamed and no longer a reliable quality signal.
Some users are exploring self-hosted alternatives and explicitly asking for better cost tracking of AI agents and more granular permission controls rather than more surface-level AI features.
kimi, qwen, and cheaper high-end coding models
Kimi K2.6 scored 58.6 on SWE-Bench Pro, setting a new open-source state of the art for coding benchmarks. The model supports a 262K-token context window and has executed over 4,000 tool calls in long-horizon coding runs across multiple languages.
On OpenRouter, Kimi K2.6 is advertised as roughly 94–95% cheaper than Claude Opus 4.7 for both input and output tokens. Developers report that using Qwen3.6 via LM Studio as a Claude Code subagent can cut Opus token usage by around 30x per task.
On the serving side, some teams see nearly double the throughput with vLLM compared to llama.cpp, along with more flexible VRAM allocation for many concurrent users, though they also note higher resource demands and CUDA headaches.
agent orchestration is where most failures hide
Roughly 70% of failures in LangChain-based multi-agent systems are attributed to orchestration problems rather than the base models. Many developers say they moved back to vanilla Python or TypeScript because LangChain’s complex graphs, retries, and hidden state made debugging too painful.
LangGraph is being used for more advanced flows, including multi-agent screening pipelines that target over 90% confidence in autonomous decisions, but production deployments add heavy failure recovery and chaos testing compared to demos.
A two-hour Claude outage revealed brittle fallbacks when a switch to GPT‑4o produced about a 30% tool-call error rate due to prompts tuned specifically for Claude.
Similar fragility shows up in low-code tools: one n8n user reported that only 10 of their 40 automations still worked after a year, and many describe OpenClaw as still in a "toy phase" despite recent price cuts on its "owned read" API calls.
infra is consolidating around boring but hardened stacks
In homelabs and smaller production setups, many users are moving from bare-metal Docker or Unraid to Proxmox with VMs running Docker, often combined with ZFS-backed storage and an emphasis on backups rather than relying on RAID alone.
Common Docker hardening patterns now include running containers as non-root, isolating them in dedicated networks, applying egress filtering, and adding Fail2Ban and UFW on the host.
Several threads call out Docker’s relatively weak isolation and recommend VMs for internet-exposed services, while still treating simple Docker Compose as the preferred orchestrator for most workloads.
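A small audit of a Compose project against the container-level patterns listed above (non-root user, dedicated network, restricted egress), added here as an example and not taken from any of the threads. The service names and images are constructed; `user`, `network_mode` and the network option `internal` are standard Compose keys. Host-side Fail2Ban and UFW are outside what a Compose file can show.

```python
# Constructed Compose project, as a YAML loader would return it.
COMPOSE = {
    "services": {
        "proxy": {"image": "example/proxy", "user": "101:101",
                  "networks": ["edge"]},
        "api": {"image": "example/api", "user": "1000:1000",
                "networks": ["backend"]},
        "legacy": {"image": "example/legacy", "network_mode": "host"},
    },
    "networks": {
        "edge": {},                      # can route to the outside
        "backend": {"internal": True},   # no external connectivity
    },
}


def audit(compose):
    """Return sorted (service, finding) pairs for the three patterns."""
    nets = compose.get("networks") or {}
    findings = []
    for name, svc in compose.get("services", {}).items():
        # 1. Non-root: require an explicit user that is not root / UID 0.
        #    Without one the image default applies, which is often root.
        uid = str(svc.get("user", "")).split(":")[0]
        if uid in ("", "0", "root"):
            findings.append((name, "no explicit non-root user"))
        # 2. Dedicated network: not the host stack, not the implicit default.
        attached = svc.get("networks") or []
        if svc.get("network_mode") == "host":
            findings.append((name, "shares host network"))
        elif not attached:
            findings.append((name, "on implicit default network"))
        # 3. Egress: a network without internal: true can route out, so
        #    outbound traffic has to be filtered somewhere else.
        open_nets = [n for n in attached
                     if not (nets.get(n) or {}).get("internal")]
        if open_nets:
            findings.append((name, "egress open via " + ",".join(open_nets)))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(COMPOSE):
        print(f"{service}: {finding}")
```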
Kubernetes is repeatedly described as overkill for small to moderate apps, with cluster operations, connection pooling, and on-prem security consuming more effort than the workloads justify.
On the data side, Postgres with pgvector is increasingly used as a cheaper open-source alternative to vector databases like Pinecone, and tools such as pgmon, ggsql, Visual Explain, and qusql are making it easier to monitor and optimize SQL without leaving the database.
What This Means
AI is moving deeper into both your editor and your infra, but the sharpest breakages are coming from orchestration, auth, and secrets handling rather than from the models themselves. At the same time, the stack that keeps showing up in the wild is cheaper open models on top of boring, hardened infra, not glossy end-to-end AI platforms.
On Watch
/AWS–Anthropic: Anthropic plans to spend $100B on AWS services after Amazon’s $5B investment, which could reshape GPU availability, pricing, and which regions get first-class AI infra.
/Local and Apple Silicon-first GPU tooling like TRELLIS.2 and PharmaCore’s stack are maturing, hinting at more serious, cloudless AI workloads on Macs without NVIDIA GPUs.
/FastMCP 3.2’s new ability to return interactive UIs (charts, forms) from MCP tools suggests agent ecosystems may start to look more like full-blown app platforms than simple CLI-style helpers.
Interesting
/Pentest Copilot aims to enhance penetration testing workflows, indicating GitHub's commitment to security tools.
/UnslothAI's custom backpropagation kernels in Triton outperform PyTorch's default autograd, enhancing performance for deep learning tasks.
/Users have reported that heavy reliance on AI tools like Cursor can lead to a significant loss of knowledge retention in coding tasks.
/Local LLMs on a Mac with 32-64 GB RAM can perform comparably to Claude Sonnet-level models, making them suitable for daily coding tasks.
/Dozzle Cloud, currently in beta, offers AI aggregation of logs and one-click deployment of self-hosted stacks, aiming to simplify log management.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.