172 npm packages compromised. Every malicious one had a valid SLSA attestation. Deleting the package doesn't help — the worm survives in .vscode/tasks.json and system daemons. Isolate first, rotate tokens second. #supplychain #devsecurity
33
🚨 A review of 78 studies tested every major AI coding agent. Claude Code. GitHub Copilot. Cursor. All of them fell. ⚠️ Adaptive prompt injection attacks succeeded more than 85% of the time. 📈 These tools run with: 🔑 Developer-level file access 💻 Shell execution rights 🗄️ Database credentials And sometimes, a booby-trapped PDF is enough to trigger real-world execution. One example: CVE-2026-23744 was rated CVSS 9.8. 🚨 The problem? Most people still think about AI coding agents like chatbots. They're not. The better comparison is a privileged insider. 👀 Same access. ⚡ Faster execution. 📄 Willingly follows instructions hidden inside a document it just read. That's a very different threat model. How is your team handling AI coding agent security? 👇 #AIAgents #PromptInjection #DevSecurity #AISecurity #CyberSecurity
1
167
🚨 GitHub Just Got Hacked - And It Started With a VS Code Extension! Hackers from group TeamPCP breached ~3,800 of GitHub's internal repositories by poisoning a developer tool that thousands of devs use every day. 😱 Credentials silently stolen in minutes: AWS keys, npm tokens, Kubernetes configs, GitHub tokens - all gone before anyone noticed. Same day: 637 malicious npm packages, Nx Console attacked. This wasn't random - it's a strategy. 🎯 As a PM, this is a reminder: supply chain security isn't just a dev problem - it's a PROJECT risk. Are your teams auditing their tools? 💡 👇 csoonline.com/article/417474… #GitHub #CyberSecurity #ProjectManagement #ITCareer #DevSecurity #SupplyChain #TechNews
1
66
If someone DMs you about a $2M crypto project and shares a GitHub repo before a call — do NOT clone it. Here's why. We got approached by a "founder" building a crypto tracking app. Pitched us urgently on hiring AI blockchain devs. Shared a GitHub repo. "Review it before the call." Refused any live demo. Just kept pushing: "invite your devs to the repo." We pushed back. Ran a code audit instead. Here's what was inside: → postcss.config.js — auto-executes the moment you run npm run dev → 5,500 characters of obfuscated payload hidden behind whitespace → Designed to steal SSH keys, AWS credentials, browser sessions, crypto wallets → .env committed to the repo with live secret keys sitting right there → The whole project was a Lovable.dev scaffold with malware dropped on top The "founder" persona was just the delivery mechanism. There was never a hire. The goal was one developer cloning that repo and running it locally. ⚠️ This is not a one-off. These accounts don't look fake. Normal profiles. Years of history. Recommendations, company pages, "ex-CTO of leading firm." Actual Google Meet calls. We've seen this pattern repeatedly in Web3. The project brief is the exploit. The repo is the payload. If you work in Web3 or run a dev agency: 🔴 Never run an unknown repo on your main machine 🟠 Use an isolated VM or sandbox for any test tasks 🟡 Audit dependencies before npm install 🟢 Client refuses a live demo and just wants repo access? That's your answer 🔵 Never keep hot wallets on development devices This is exactly why we built The Signal Market — a marketplace of verified Web3 service partners. Audited, vetted, accountable. No cold DMs. No mystery repos. No "just clone this and run it." (link in the comment below) Shoutout to Marcus Lawton for catching this before anyone got burned. This one could've been bad. 🫡 #Web3 #CyberSecurity #DevSecurity #Crypto #OpenSource
1
1
5
131
🎥 The recording is now available for "Securing Coding Agents: Sandboxes, Guardrails, and Real-World Attacks" with Michael Irwin, Principal Software Engineer at Docker! Michael dived into the real ways coding agents go wrong — sandbox bypasses, credential leaks, prompt injections — with live demos of actual attacks and the Docker guardrails built to stop them. One of the most eye-opening sessions at the conference, and one you'll want to revisit. Watch it now and make sure your agents are actually safe. 👇 🔗 Watch the recording: hubs.la/Q04bGvZx0 #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aitutorial
4
8
1,766
That's a wrap on "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents" with Oleg Šelajev from Docker at the Future of Data and AI: Agentic AI Conference! 🎉 Oleg tackled one of the most pressing challenges in agentic AI — how to give agents the autonomy they need without the security nightmares that come with it. From live demos of the typical mess AI agents create to hands-on workflows for running agents you can actually trust, this was one of the most eye-opening sessions at the conference. Attendees walked away with: - A clear understanding of why basic isolation isn't enough for agentic workloads - Hands-on experience with Docker Sandboxes and how they restrict filesystem access, network, and secret injections - Practical patterns for configuring controlled environments for autonomous agents - A complete end-to-end workflow for running agents securely at production scale Good news for you? We still have 3 more workshops to go. Register now before it's too late: hubs.la/Q04bf_VD0 Docker is the leading platform for containerizing and running applications securely, trusted by millions of developers worldwide to build, ship, and run software reliably across any environment. #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aiworkshop
2
2
544
🔴 Starting in 5 minutes! Michael Irwin, Principal Engineer at Docker, is about to take the stage for his tutorial "Securing Coding Agents with Docker Sandboxes" at the Future of Data and AI: Agentic AI Conference! Expect live demos of real attacks, practical guardrails, and patterns you can apply to your own agents immediately. One of the most eye-opening sessions at the conference — don't miss it! Join now: hubs.la/Q048X2kn0 In this tutorial, you'll learn to: - Explore Docker Sandboxes and the MCP Toolkit for agent security - Prevent attacks like filesystem deletion, API token leaks, and prompt injections - Implement proper guardrails and observability to safely harness agent power - Get sneak peeks of upcoming Docker features for agentic workflows Docker is the leading platform for containerizing and running applications securely, trusted by millions of developers worldwide to build, ship, and run software reliably across any environment. #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aitutorial
1
570
🚀 Excited to have Michael Irwin, Principal Software Engineer at Docker, lead a hands-on tutorial at the Future of Data and AI: Agentic AI Conference, April 6–10, 2026! In "Securing Coding Agents: Sandboxes, Guardrails, and Real-World Attacks", Michael dives into the real ways coding agents go wrong — sandbox bypasses, credential leaks, prompt injections — and shows how Docker Sandboxes and the MCP Toolkit provide the guardrails to stop them. Expect live demos of actual attacks and patterns you can apply to your own agents immediately. 🎟️ Save your spot: hubs.la/Q049jGQC0 In this tutorial, you'll learn to: - Identify and block common agent vulnerabilities including sandbox bypasses, API token leaks, and prompt injections - Use Docker Sandboxes and the MCP Toolkit to add guardrails and observability to agentic workflows - Walk away with practical security patterns for giving agents full power — safely Docker is the leading platform for containerizing and running applications securely, trusted by millions of developers worldwide to build, ship, and run software reliably across any environment. #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aitutorial
2
2
2
723
🚨 axios@1.14.1 and axios@0.30.4 are malicious. They install a RAT on your machine. Dropper self-destructs. npm audit shows nothing. Check now: ls node_modules/plain-crypto-js If it exists — you're compromised. #DevSecurity #npm
1
2
313
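The post above gives a single manual check. The script below is an added example (not the post author's) that turns it into a read-only scan of one project directory: it reports the two axios versions the post names, whether installed under node_modules or pinned in package-lock.json, and the node_modules/plain-crypto-js directory the post uses as its indicator. It assumes package-lock.json uses npm's standard "resolved" tarball URLs and that the project path is passed as the first argument.

```sh
#!/bin/sh
# Added example, not from the post: check one project directory for the
# indicators the post names (axios 1.14.1 / 0.30.4 and node_modules/plain-crypto-js).
# Read-only: it reports and sets a non-zero exit status; it changes nothing.
# Assumption: package-lock.json uses npm's standard "resolved" tarball URLs.

# Echo the axios version installed under node_modules, or "none".
installed_axios_version() {
  pkg="$1/node_modules/axios/package.json"
  [ -f "$pkg" ] || { echo none; return 0; }
  sed -n 's/.*"version":[[:space:]]*"\([^"]*\)".*/\1/p' "$pkg" | head -n 1
}

# True (exit 0) when the version is one of the two the post reports as malicious.
is_malicious_axios() {
  case "$1" in
    1.14.1|0.30.4) return 0 ;;
    *) return 1 ;;
  esac
}

# Scan a project directory; prints findings; exit status 1 if anything was found.
scan_project() {
  dir="$1"
  found=0
  ver=$(installed_axios_version "$dir")
  if is_malicious_axios "$ver"; then
    echo "FINDING: installed axios $ver is a known-malicious version"
    found=1
  fi
  # The lockfile can pin a bad version before anything is installed.
  if [ -f "$dir/package-lock.json" ] &&
     grep -Eq 'axios/-/axios-(1\.14\.1|0\.30\.4)\.tgz' "$dir/package-lock.json"; then
    echo "FINDING: package-lock.json resolves axios to a known-malicious version"
    found=1
  fi
  # The post's own check: the dropper leaves this package behind.
  if [ -d "$dir/node_modules/plain-crypto-js" ]; then
    echo "FINDING: node_modules/plain-crypto-js present (RAT indicator)"
    found=1
  fi
  return "$found"
}

# Usage: sh check-axios.sh /path/to/project
if [ -n "${1:-}" ]; then
  scan_project "$1" && echo "No indicators found in $1"
fi
```

A non-zero exit status means an indicator was found; per the post, isolate the machine before rotating any tokens it held.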
🚀 Excited to have Oleg Šelajev, AI & Developer Relations at Docker, lead a hands-on workshop at the Future of Data and AI: Agentic AI Conference — April 9, 9:00–11:00 AM Pacific! In "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents", Oleg tackles the real tension in agentic AI — you want agents that move fast and get things done, but not ones that wipe your home directory or break your system in the process. This is one of the most critical sessions for anyone deploying agents in production. ⚡ Seats are going fast, grab yours before it's full! Register now: hubs.la/Q048G_fF0 In this workshop, you'll learn to: - Understand the typical ways AI agents go wrong in uncontrolled environments - Explore Docker Sandboxes and why basic isolation isn't enough for agentic workloads - Configure restricted filesystem access, controlled network, and secret injections for agent safety - Build an end-to-end workflow for running autonomous agents securely - Walk away with practical patterns for balancing agent autonomy with production-grade security Docker is the leading platform for containerizing and running applications securely, trusted by millions of developers worldwide to build, ship, and run software reliably across any environment. When you register, you get: 🎤 Live Q&A and direct interaction with Oleg Šelajev 💡 Personalized feedback and expert tips 🎥 Access to session recording and slide deck 🎓 Access to exclusive free courses 🏷️ Discount on future bootcamps #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aiworkshop
1
4
4
759
🚀 Excited to have Michael Irwin, Principal Engineer at Docker, lead a hands-on tutorial at the Future of Data and AI: Agentic AI Conference, April 6–10, 2026! In "Securing Coding Agents with Docker Sandboxes", Michael dives into the ways coding agents can go wrong and how Docker provides the guardrails and observability to keep them safe. One of the most eye-opening sessions at the conference — expect live demos of real attacks and practical patterns you can apply immediately. Save your spot now: hubs.la/Q048tbM70 In this tutorial, you'll learn to: - Explore Docker Sandboxes and the MCP Toolkit for agent security - Prevent attacks like filesystem deletion, API token leaks, and prompt injections - Implement proper guardrails and observability to safely harness agent power - Get sneak peeks of upcoming Docker features for agentic workflows Docker is the leading platform for containerizing and running applications securely, trusted by millions of developers worldwide to build, ship, and run software reliably across any environment. #agenticai #futureofdataandai #dataandai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aitutorial
1
5
6
672
🚀 Excited to have Oleg Šelajev, AI & Developer Relations at Docker, lead a hands-on workshop at the Future of Data and AI: Agentic AI Conference — 9:00–11:00 AM Pacific! In "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents", Oleg tackles the real tension in agentic AI — you want agents that move fast and get things done, but not ones that wipe your home directory or break your system in the process. This session introduces Docker Sandboxes as a new primitive for running agents you can actually trust. ⚡ Seats are going fast, grab yours before it's full! Register now: hubs.la/Q048tD-B0 In this workshop, you'll learn to: - Understand the typical ways AI agents go wrong in uncontrolled environments - Explore Docker Sandboxes and why basic isolation isn't enough for agentic workloads - Configure restricted filesystem access, controlled network, and secret injections for agent safety - Build an end-to-end workflow for running autonomous agents securely - Walk away with practical patterns for balancing agent autonomy with production-grade security When you register, you get: 🎤 Live Q&A and direct interaction with Oleg Šelajev 💡 Personalized feedback and expert tips 🎥 Access to session recording and slide deck 🎓 Access to exclusive free courses 🏷️ Discount on future bootcamps #agenticai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aiworkshop
1
4
4
532
How do you store secrets in apps you ship? • .env files • secret managers • something else Share a quick reason and one real-world example. #DevSecurity
4
1
4
129
🚀 Excited to have Oleg Šelajev, AI & Developer Relations at Docker, lead a hands-on workshop at the Future of Data and AI: Agentic AI Conference — 9:00–11:00 AM Pacific! In "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents", Oleg tackles the real tension in agentic AI — you want agents that move fast and get things done, but not ones that wipe your home directory or break your system in the process. This session introduces Docker Sandboxes as a new primitive for running agents you can actually trust. In this workshop, you'll learn to: - Understand the typical ways AI agents go wrong in uncontrolled environments - Explore Docker Sandboxes and why basic isolation isn't enough for agentic workloads - Configure restricted filesystem access, controlled network, and secret injections for agent safety - Build an end-to-end workflow for running autonomous agents securely - Walk away with practical patterns for balancing agent autonomy with production-grade security 🎟️ Save your spot: hubs.la/Q047yz8v0 #agenticai #aiconference #datasciencedojo #docker #aiagents #devsecurity #agenticsystems #aiworkshop
1
2
2
660
🚀 Excited to have Oleg Šelajev, AI & Developer Relations at Docker, lead a hands-on workshop at the Future of Data and AI: Agentic AI Conference — April 9, 9:00–11:00 AM Pacific! In "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents", Oleg tackles the real tension in agentic AI — you want agents that move fast and get things done, but not ones that wipe your home directory or break your system in the process. This session introduces Docker Sandboxes as a new primitive for running agents you can actually trust. In this workshop, you'll learn to: - Understand the typical ways AI agents go wrong in uncontrolled environments - Explore Docker Sandboxes and why basic isolation isn't enough for agentic workloads - Configure restricted filesystem access, controlled network, and secret injections for agent safety - Build an end-to-end workflow for running autonomous agents securely - Walk away with practical patterns for balancing agent autonomy with production-grade security 🎟️ Save your spot: hubs.la/Q046P5Bv0 #AgenticAI #FutureOfAI #AIConference #Docker #AIAgents #DevSecurity #AgenticSystems #AIWorkshop
1
1
3
727
We're excited to welcome Oleg Šelajev, AI & Developer Relations at Docker, to the Future of Data and AI: Agentic AI Conference, April 6–10, 2026! 🐳 Oleg will be leading the hands-on workshop "From Isolation to Trust: Building Secure Sandboxes for Autonomous AI Agents", diving into Docker Sandboxes, a new primitive designed to let agents operate in a restricted environment with controlled filesystem access, network, and secret injections, so you get full agent autonomy without the security nightmares. Oleg is a developer advocate at Docker working at the intersection of AI, developer productivity, and tooling. A Java Champion, Microsoft MVP, and Docker Captain, he's an author, speaker, and builder with deep expertise across languages and ecosystems, bringing both technical depth and a knack for making complex systems approachable. 🎟️ Reserve your spot now: hubs.ly/Q046K2tD0 #AgenticAI #AIConference #Docker #AIAgents #DevSecurity
3
3
656
Tweet 1/6 🚨 Vibe-coding is exploding: describe your app in plain English, let AI spit out working code in seconds! 🔥 Super fast for prototypes & ideas. But skipping deep reviews? That's a recipe for disaster. Time to talk safeguards! 🛡️ #VibeCoding #AICoding #DevSecurity
2
71