2 posts tagged #supply-chain.
North Korean threat actors are targeting AI coding tools. Trojanized npm packages hunt for .cursor, .claude, .gemini, and .windsurf directories to steal API keys and source code.
Researchers tested 428 LLM API routers. Nine were actively injecting malicious code. One drained ETH from a private key. Here is what this means for your AI agents.