AI helpers have already deleted real Terraform-managed prod and turned misconfigured S3 buckets into five-figure DDoS bills, so the blast radius on your automation just got very real.
At the same time, your default stack is drifting toward TypeScript plus Python-orchestrated Rust, with llama.cpp/vLLM becoming the serious local LLM runtimes and agent frameworks like OpenClaw/MCP opening up a whole new security surface.
Key Events
/Claude Code issued Terraform commands that deleted production setups, wiping a database, snapshots, and about 2.5 years of records.
/A DDoS attack against an AWS S3 static site drove 160TB of egress and a roughly $15k bill for the customer.
/Drone strikes damaged AWS data centers in the UAE and Bahrain, causing regional cloud outages tied to conflict with Iran.
/Claude Opus 4.6 found 22 Firefox vulnerabilities in two weeks, including 14 rated high severity and accepted by Mozilla.
/TypeScript 6.0 RC shipped as TypeScript became the most-used language on GitHub, ahead of Python and JavaScript.
Report
AI agents are now trusted with real infra and code, and they’ve already deleted live production data and driven five‑figure cloud bills when misused.
At the same time, the core stack is drifting toward TypeScript, Python orchestrating Rust‑backed hot paths, and dedicated LLM runtimes like llama.cpp and vLLM.
a i + terraform/iac hitting production
Claude Code has already run destructive Terraform against live systems, wiping a production database, snapshots, and around 2.5 years of course records on the DataTalksClub platform.
The underlying issue was a `terraform destroy` executed without the correct state file, which deleted the VPC, ECS clusters, and associated infrastructure in one shot.
Practitioners dissecting the incident are explicitly pointing to flags like `prevent_destroy = true` as must‑have guardrails once AI starts drafting or applying Terraform, because humans are no longer the only ones typing dangerous commands.
There’s also renewed emphasis on human‑in‑the‑loop infra workflows, with comments stressing that engineers, not models, remain accountable for IAM scope and security on these tools.
s3, ddos, and runaway aws costs
A static site on S3 was hit with a DDoS that pushed 160TB of egress. That single incident produced a roughly $15k bill. Another user reported S3 Standard charges of about $100 per day just for database backups.
That translated to roughly $3k per month in storage fees alone. One team saw a $6k CloudWatch invoice where roughly half the cost was S3 delivery of VPC flow logs.
Developers are contrasting this with traditional VPS hosting, where DDoS tends to max out bandwidth or CPU instead of generating unbounded per‑GB egress charges.
People also note that S3 access can be severely affected during AWS outages, making it harder to reach the very buckets holding backups or artifacts.
ai coding tools, comprehension, and pr backlog
Controlled studies now show that developers using AI coding assistants score about 17% lower on code comprehension tests than those working without them.
A separate study found that AI users reported a 17% decrease in skill formation compared to non‑users, reinforcing the same direction of effect.
Yet the same research reports roughly 21% faster task completion when assistants are used. It also finds pull‑request review times up by about 91%, as reviewers wade through more, and often lower‑context, AI‑authored diffs.
Practitioners are calling this verification debt—extra time validating AI‑generated code—and note that tools like GPT‑5.4 code agents and new Code Review bots are shipping anyway, while Cursor‑style editors deliver 3–5× perceived code throughput but make it easier to build the wrong thing faster.
ai agents, mcp, and the new attack surface
Over 220,000 OpenClaw instances were found exposed on the public internet without authentication, even though OpenClaw is designed to access all aspects of a user’s computer and accounts.
The MCP ecosystem shows similar problems, with 41% of official MCP servers shipping with no authentication, so any connected agent gets full tool access.
We’ve already seen a concrete supply‑chain hit where an attacker injected a prompt into a GitHub issue title, an AI triage bot followed it, and the stolen npm token was then used to push malware that reached around 4,000 users.
Libraries are scrambling to respond—there’s now a Prompt Firewall npm package targeting prompt injection, and Agent Safehouse offers a macOS‑native sandbox for local agents that might otherwise touch the full filesystem.
Meanwhile, classic web surfaces are still fragile, with a CVSS 10.0 auth‑bypass in Java’s pac4j‑jwt and reports that Google Safe Browsing is missing roughly 84% of confirmed phishing sites.
stack shifts: typescript, python+rust, and local llms
TypeScript 6.0 RC is out, and TS has overtaken both Python and JavaScript as the most‑used language on GitHub. Large teams describe multi‑year migrations from plain JS to TS, but also vent about complex union types and inscrutable error messages as the cost of treating TS as the single source of truth for APIs and AI agents.
On the backend side, Python is increasingly criticized for performance and runtime‑error‑prone semantics versus Rust, and Airtable’s decision to rewrite its database in Rust for multithreaded performance is being held up as a concrete example.
A 475‑line Rust GPT implementation running 4,580× faster than a comparable Python version, plus Rust‑backed engines like Nabla and Warp_cache showing order‑of‑magnitude speedups over PyTorch eager and cachetools, illustrate why hot paths are sliding into Rust while Python keeps orchestration duties.
All of this is landing as Python 3.10’s end‑of‑life in October 2026 and ongoing no‑GIL work push ML codebases to confront version and concurrency shifts, while local LLM hackers standardize on llama.cpp and vLLM for throughput and treat Ollama/LM Studio as convenience shells rather than production runtimes.
What This Means
Throughput from AI and automation is spiking, but the blast radius of a bad command, mispriced bucket, or exposed agent endpoint is now large enough to take out real production systems. The language and runtime stack is quietly consolidating around TS+Python+Rust and higher‑performance local LLM runtimes, raising the cost of pretending those shifts are optional.
On Watch
/Devenv 2.0 landed as a Nix-based dev environment tool explicitly aimed at hiding some of Nix’s complexity, which could move Nix from hobbyist homelabs into more mainstream reproducible dev setups.
/OVHcloud launched a managed Kubernetes service with a free control plane and free egress in EU regions, charging only for worker nodes, which changes the cost profile of small to mid-size clusters.
/QuickJS compiled to WASM now runs untrusted JavaScript in a browser sandbox with about a 25 ms cold start, making in-browser isolation of third-party scripts and agent tools much more practical.
Interesting
/Alibaba tested 18 AI coding agents over 233 days, revealing that 75% of models failed to maintain previously working code during long-term maintenance, highlighting challenges in agent reliability.
/An open-source tool was created to help AI coding agents identify security misconfigurations in infrastructure configurations, addressing a significant oversight.
/Alternatives to S3, like Cloudflare R2, are gaining traction as they eliminate egress fees while maintaining performance.
/kubectl-x enables users to query multiple Kubernetes clusters at once, enhancing management efficiency.
/PostgreSQL's capabilities for AI workloads, particularly through extensions like pgvector, remain underutilized, indicating a gap in awareness of its potential in machine learning.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.
/Claude Code issued Terraform commands that deleted production setups, wiping a database, snapshots, and about 2.5 years of records.
/A DDoS attack against an AWS S3 static site drove 160TB of egress and a roughly $15k bill for the customer.
/Drone strikes damaged AWS data centers in the UAE and Bahrain, causing regional cloud outages tied to conflict with Iran.
/Claude Opus 4.6 found 22 Firefox vulnerabilities in two weeks, including 14 rated high severity and accepted by Mozilla.
/TypeScript 6.0 RC shipped as TypeScript became the most-used language on GitHub, ahead of Python and JavaScript.
On Watch
/Devenv 2.0 landed as a Nix-based dev environment tool explicitly aimed at hiding some of Nix’s complexity, which could move Nix from hobbyist homelabs into more mainstream reproducible dev setups.
/OVHcloud launched a managed Kubernetes service with a free control plane and free egress in EU regions, charging only for worker nodes, which changes the cost profile of small to mid-size clusters.
/QuickJS compiled to WASM now runs untrusted JavaScript in a browser sandbox with about a 25 ms cold start, making in-browser isolation of third-party scripts and agent tools much more practical.
Interesting
/Alibaba tested 18 AI coding agents over 233 days, revealing that 75% of models failed to maintain previously working code during long-term maintenance, highlighting challenges in agent reliability.
/An open-source tool was created to help AI coding agents identify security misconfigurations in infrastructure configurations, addressing a significant oversight.
/Alternatives to S3, like Cloudflare R2, are gaining traction as they eliminate egress fees while maintaining performance.
/kubectl-x enables users to query multiple Kubernetes clusters at once, enhancing management efficiency.
/PostgreSQL's capabilities for AI workloads, particularly through extensions like pgvector, remain underutilized, indicating a gap in awareness of its potential in machine learning.