Vulnerability in Amazon Q for VS Code allows credential theft through manipulated repositories and reveals systemic risks in AI-powered developer tools.
VMware Tanzu Spring Framework is affected by multiple vulnerabilities that enable privilege escalation, remote code execution, denial of service, and additional attack scenarios.
Hugging Face Transformers allows silent remote code execution via obfuscated parameters in model configurations as long as the optional kernels package is installed (CVE-2026-4372, patched in 5.3.0).
Anthropic isolates Claude agents through multi-layered sandboxes (gVisor, Seatbelt, Bubblewrap, VMs) with explicit boundaries for data access, filesystem, and egress control.
Anthropic introduces Tool Search, Programmatic Tool Calling, and Tool Use Examples, enabling AI agents to work with thousands of tools without exhausting context, with internal tests showing significant improvements in memory efficiency and error reduction.