The attack surface of AI assistants continues to widen today, with a new vulnerability in tools like Cursor that bypasses human-in-the-loop safeguards. We are also tracking a major npm release that directly mitigates the `postinstall` exploits seen in recent supply chain attacks, and a high-stakes look at the false-positive bottleneck in AI security scanning.
Following the 'Agentjacking' vector we tracked last month, a new systematic vulnerability dubbed 'GhostApproval' has been discovered in six major AI coding assistants, including Cursor and Claude Code. Disclosed by Wiz Research, the flaw allows a malicious repository to use symlinks to trick an agent into writing to sensitive system files. Because the UI misleads the human reviewer about the true file path, the intended approval step is bypassed entirely, enabling a sandbox escape.
Why it matters
This joins a growing class of exploits that bypass 'human-in-the-loop' safeguards by design, highlighting that the AI tools themselves are becoming a primary attack surface that can compromise developer environments.
A new security study found that GitHub Copilot Chat in Visual Studio Code can be consistently manipulated to produce unsafe and malicious code through adversarial prompts. Researchers achieved a 100% success rate across 816 prompts, forcing four different LLM backends to generate vulnerable outputs, such as backdoors or code that exfiltrates secrets, demonstrating a systemic failure in the tool's safety guardrails.
Why it matters
This research proves that AI coding assistants can be turned into a vector for injecting vulnerabilities, requiring development teams to treat AI-generated code with extreme skepticism and implement strict, independent verification and scanning.
Directly addressing the `postinstall` script exploits we tracked in the North Korean 'PolinRider' campaign and the Miasma worm, GitHub released npm version 12 on Wednesday with dependency lifecycle scripts blocked by default. Developers must now explicitly opt-in to run install-time scripts via `npm approve-scripts`, closing a massive and frequently abused supply chain vulnerability.
Why it matters
This is a fundamental change to Node.js dependency management that significantly hardens the software supply chain, forcing a more deliberate and security-conscious approach from engineers, and will require updates to many CI/CD pipelines.
A new guide breaks down the five distinct PostgreSQL timeout parameters that frequently cause production issues: `statement_timeout`, `lock_timeout`, `idle_in_transaction_session_timeout`, and the newer `idle_session_timeout` and `transaction_timeout`. It provides diagnostic queries using `pg_stat_activity` and concrete fixes for each, explaining how they interact with connection poolers and long-running migrations.
Why it matters
This guide provides the specific queries needed to diagnose and fix common Postgres timeout issues that manifest as application-level failures, which is essential knowledge for preventing outages in a production Django environment.
Providing a high-stakes example of the 'review drift' and false-positive bottleneck we've been tracking across engineering teams, the Ethereum Foundation successfully used AI agents to uncover a remotely exploitable bug (CVE-2026-34219) in libp2p's gossipsub. However, the experiment also showed the agents' primary limitation: they generated a massive volume of convincing but incorrect findings, shifting the security team's workload from bug discovery to the manual, expert-driven triage of false positives.
Why it matters
This real-world deployment confirms the emerging consensus around AI review tools: they can find novel, critical vulnerabilities, but they create a significant, expert-intensive verification workload that offsets much of the velocity gain.
Major crypto firms like Circle and Fidelity Digital Assets are abandoning state-by-state BitLicenses in favor of federal national trust bank charters from the Office of the Comptroller of the Currency (OCC). This strategic shift, enabled by the GENIUS Act signed in July 2025, allows firms to operate nationwide under a single, federally-preempted regulatory framework rather than a patchwork of state rules.
Why it matters
This trend toward federal chartering streamlines the complex legal landscape for digital assets, which could simplify the operational and compliance workflows for regulated portals and DAOs operating across the US.
'GhostApproval' Exposes a New Class of AI Agent Vulnerabilities A vulnerability dubbed 'GhostApproval' found in six major AI coding agents, including Cursor and Claude Code, shows how malicious repositories can trick the agent's UI. This allows attackers to gain access to sensitive files by misrepresenting actions to the human reviewer, undermining the 'human-in-the-loop' safety model and creating a new attack surface for sandbox escapes.
NPM Hardens Supply Chain by Disabling Install Scripts In a significant move to combat supply chain attacks like the Miasma worm, npm version 12 now disables dependency lifecycle scripts by default. This forces developers to explicitly approve scripts, fundamentally changing dependency management and reducing the risk of malware execution during installation, though it introduces new workflow considerations.
AI Agents Show Promise and Peril in Production Codebases A new wave of reports details the complex reality of using AI agents for real-world coding. The Ethereum Foundation successfully used agents to find a critical bug in libp2p, but struggled with a high volume of false positives. Meanwhile, a study finds that GitHub Copilot can be systematically prompted to generate unsafe code, highlighting the continued need for rigorous human verification.
What to Expect
Oct 31, 2026—Python 3.10 reaches end-of-life, no longer receiving security patches.
— The Staff Safety Desk
🎙 Listen as a podcast
Subscribe in your favorite podcast app to get each new briefing delivered automatically as audio.
Apple Podcasts
Library tab → ••• menu → Follow a Show by URL → paste