Hacker News

watty today at 11:41 AM

Just to clarify, and I know you weren't saying they are related, but this has absolutely nothing to do with AI or vibe coding or manager code.

It's a continuation of the Shai-Hulud worm and the lack of security around developer dependency installations, which has existed for a very long time.

Hackers have figured out that developers themselves are an ideal target due to how easy it is to trick them into installing something and how much private information they have on their machines (creds, cloud clis, mcps, etc.).


Replies

josefx today at 2:19 PM

> due to how easy it is to trick them into installing something

You have tools from large corporations where the official installation procedure involves copy-pasting a command from a random blog post, running it with sudo and watching it download and execute a script from a random filehost. This is somehow deemed acceptable by everyone involved.

Meanwhile I can't use Teams in our meeting rooms, since any form of internet access was deemed a security risk in rooms where customer projects could be discussed. This is in a day and age where 90% of customer meetings are done over the internet.

Anyone trying to follow sane practices in this industry just asks to end up in a padded cell.

madeofpalk today at 12:55 PM

As with many other things, AI exacerbates this problem. It’s so easy for many more of these things to happen unattended and in greater volume, and the AIs themselves can be tricked into doing these things, not helped by their pattern of “prompt the user to approve 30 different inscrutable Python and bash scripts”.