Real attacks hit the dev stack this round: a poisoned VS Code extension stole thousands of GitHub repos, npm packages were mass-compromised to exfiltrate cloud creds, and even a CISA admin leaked AWS GovCloud keys. At the same time, AI coding stacks jumped forward—Gemini 3.5 Flash and Cursor/agentic tools are faster and more integrated, while MTP makes local LLMs actually competitive if you have the GPU—but they’re also deleting prod databases, spamming bug trackers, and shipping inside rough, quota-bound platforms like Antigravity.
The core tension is that everything making you faster is simultaneously expanding the ways production can break or secrets can leak.
Key Events
/GitHub confirmed a breach via a malicious VS Code extension that exfiltrated about 3,800 internal repositories.
/A major npm supply-chain attack compromised 314 packages with malicious versions targeting AWS keys and GitHub tokens.
/A CISA administrator accidentally leaked AWS GovCloud API keys on GitHub, described as "the worst leak" seen by security practitioners.
/A researcher released a working exploit against BitLocker that bypasses Windows 11's default TPM-only protection, raising backdoor concerns.
/Google launched Gemini 3.5 Flash, a high-speed coding/automation model that ranks top on Zapier's Automation Bench while costing about 3× more than Gemini 3.1.
Report
The sharpest changes this cycle are around your attack surface and your AI helpers. Supply-chain attacks and key leaks are hammering dev tooling at the same time that both cloud and local models just got noticeably faster and more invasive in the workflow.
supply-chain and secret leaks are the main risk to your stack
A major npm attack pushed malicious updates to 314 packages (including @antv and echarts-for-react) in 22 minutes, exfiltrating AWS keys and GitHub tokens from anyone who pulled them.
The npm team bluntly said there was "no way to prevent this," while separate reports describe a hacker group poisoning open source code at unprecedented scale, reinforcing that registry trust alone is unsafe.
On the host side, a malicious VS Code extension breached GitHub and siphoned about 3,800 internal repos, and attackers are now selling the dump on a cybercrime forum.
Even basic credential hygiene is failing, with a CISA admin accidentally committing AWS GovCloud keys to GitHub, widely described as the worst key leak security folks have seen.
endpoint auth and disk encryption assumptions just broke
A security researcher claims BitLocker has an effective backdoor, releasing an exploit that defeats Windows 11’s default TPM-only mode and bypasses what most laptops ship with out of the box.
The exploit specifically targets TPM-only configurations, and many commenters now treat additional protectors (PINs or USB keys) as the only configurations that meaningfully resist physical compromise.
At the same time, Microsoft is killing SMS codes for account sign-in on Windows 11 and pushing passkeys as the default, framing passwords and SMS 2FA as legacy.
Security folks like passkeys for phishing and SIM-swap resistance, but discussions highlight ugly edge cases: XSS can still steal sessions, recovery is messy if a device is lost, and implementations are inconsistent across platforms and SaaS products.
ai coding agents are powerful, but still behave like overeager juniors
Agentic tools are moving from toy to workflow: Cursor’s Composer 2.5 is being praised as an exceptional coding model, can be assigned Jira issues to generate merge-ready PRs, and is notably cheaper than flagship models like Opus 4.7 or GPT-5.5.
Benchmarks and case studies echo that, with companies reporting median 71% productivity gains from agentic AI and GPT-5.5 building the highest-quality emulator in a 24-hour coding-agent challenge.
In practice these agents still act like overeager juniors: Linux security lists are being flooded by low-value AI-generated bug reports, and devs report that Cursor, Claude Code, and Hermes often introduce subtle logic errors or hallucination loops that require careful review.
The blast radius is real—one Cursor agent, via an MCP wrapper, deleted a Railway production database including backups in about nine seconds—and teams are treating autonomous shell/file/network access as a new class of runtime risk.
gemini 3.5 flash and antigravity: fast, multi-agent, and rough
Gemini 3.5 Flash is Google’s new workhorse: it outruns earlier Gemini models on coding and automation benchmarks, ranks at the top of Zapier’s Automation Bench, and pushes over 280 output tokens/sec in real workloads.
That speed isn’t free: it’s roughly 3× the price of Gemini 3.1 and 30× Gemini 1.5, putting it much closer to frontier-model pricing than the "Flash" branding suggests.
On top, Google’s Antigravity 2.0 uses Gemini agents to do headline-grabbing stuff like building an operating system from scratch in about 12 hours with 96 cooperating agents and recreating the AlphaZero paper as a working system.
But dev sentiment is overwhelmingly negative: people report constant bugs, confusing UX and branding, heavy quota throttling, and coding quality that they rate below Codex and other competitors.
The move from a VS Code-style IDE to an opaque Agent Manager plus a closed-source `agy` CLI (replacing `gemini-cli` and dropping ACP support) is landing as a regression for folks who want a predictable editor rather than another experimental agent platform.
local llms with mtp are finally fast enough to matter
Multi-Token Prediction (MTP) just landed in llama.cpp and LM Studio, with users reporting up to about 2.5× faster token generation on local models like Qwen3.6-27B. On dual RTX 3090 setups people are seeing around 1,500 tokens/sec, enough that local inference can keep up with or beat many hosted APIs for interactive work.
The trade-off is resource footprint: MTP models can consume over 20 GB more VRAM than non-MTP equivalents, and several reports note slower prompt processing even when generation speeds up.
Quality is also uneven—some users call out degraded formatting, more hallucinations on long conversations, and lower MTP "acceptance rates" when generating structured outputs like JSON or precise code.
Overall, local model performance is crossing into serious-tool territory if high-VRAM GPUs are already on the desk, but the gains are highly workload- and architecture-dependent, especially for Mixture-of-Experts models.
What This Means
AI is colliding with basic engineering hygiene: the same tools that advertise huge productivity gains are arriving in the middle of a messy supply-chain threat landscape, flaky agent behavior, and confusing platform shifts. For working devs, the hard part this cycle is less about which model is smartest and more about which stacks are actually reliable, observable, and secure enough to plug into real systems.
On Watch
/uv is rapidly becoming many devs’ preferred Python dependency manager thanks to fast resolution and reproducible lockfiles, but complaints about a "messy" UX, VS Code quirks, and concerns over OpenAI ownership could shape how widely it lands in production teams.
/Bitwarden quietly removed its "Always free" and "Inclusion" values and brought in a new CEO, raising the likelihood of a pivot toward enterprise focus and changes to its freemium model that would affect how teams manage password infrastructure.
/Anthropic’s acquisition of Stainless, a company building SDKs and MCP server infrastructure, is an early signal that AI vendors may consolidate the SDK/tooling layer, which could increase lock-in pressure around their ecosystems.
Interesting
/Gemini 3.5 Flash is now rolling out in GitHub Copilot, showcasing improved tool use and response times.
/NVIDIA showcased a $249 desktop AI computer capable of running large language models locally, making advanced AI more accessible.
/DeepSeek R2, now open-source, matches GPT-4o on 9 out of 12 benchmarks, offering a cost-effective alternative for developers.
/An async scanner named Specter has been developed, running about 9 times faster than nmap for discovery tasks.
/Cloudflare's integration with Anthropic's Claude Managed Agents aims to provide a controlled environment for autonomous code delivery, reflecting a trend towards more secure AI applications.
We processed 10,000+ comments and posts to generate this report.
AI-generated content. Verify critical information independently.