GitHub continues to be a scintillating target for attackers because it sits in the middle of the software supply chain and gives threat actors three things they crave: source code, secrets, and automated pipelines to run amok in.
Datadog Security Research has been tracking what it calls a “sustained pattern” of GitHub API abuse over the past several months that seeks to map organizations and their members. While individually these requests are “unremarkable,” they become dangerous when they move across environments for weeks at a time, and, worse, progress to full-out cloning. The biggest challenge is that they blend into normal API usage patterns.
GitHub has been a goldmine for criminals looking to breach organizations because many development lifecycles are insecure, said David Shipley of Beauceron Security. Typically, threat actors are after API keys and cloud secrets.
“Now with everyone being pushed to do more, faster, with AI agents coding, the treasure trove of secrets is likely
The post When Employees Start Working For The Metrics Instead Of The Mission appeared on BitcoinEthereumNews.com.
When Employees Start Working For The Metric Instead Of The Mission getty I never loved taking statistics courses in school, and yet somehow that education influenced me more than I ever expected. I now find myself trying to quantify things I never used to think about. There is tremendous value in being able to predict performance, and many of the tools organizations use help leaders improve results. They rely on performance metrics to evaluate everything from customer satisfaction to productivity. Used well, those metrics help identify problems, reveal opportunities, and support better decisions. Used poorly, they can produce exactly the opposite of what leaders intended. The moment employees understand how their performance will be measured, many begin adjusting their behavior to improve the metric rather than the outcome the metric was designed to represent. I saw that of
Google AI Studio is rolling out Import from GitHub in Build mode. It transforms an existing repo into a runtime-compatible format. You can then iterate on it, deploy it, and more. Here is what changes for developers.
The post Google AI Studio Adds ‘Import from GitHub’ to Build Mode, Turning an Existing Repo Into an Editable, Deployable App appeared first on MarkTechPost.
Anthropic is bringing its Claude Cowork AI agent to web and mobile platforms, a move aimed at helping enterprise users monitor and manage long-running AI-driven tasks from anywhere as organizations increasingly adopt agents for operational and knowledge work.
The rollout, according to the company, is based on an analysis of 1.2 million anonymized and aggregated Claude Cowork sessions conducted between May 11 and May 31 that showed that business process and operations accounted for the largest share of the AI agent’s usage at 33.4%, followed by content creation and copywriting at 16.4%, the company wrote in a blog post.
Software development represented only 8.7% of sessions, ahead of DevOps and infrastructure at 7%, along with research and intelligence at 6.4%, and data analysis and business intelligence (5.8%).
Cowork’s expansion, which is currently in beta, will allow users to start and manage Claude Cowork sessions directly from the Claude interface on the web and mobile, while enabl
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and publishing it publicly, exposing a broader risk as enterprises deploy AI agents with privileged access to software development environments, according to new research from Noma Security.
The AI security company detailed the attack, dubbed GitLost, in a blog post, saying an unauthenticated attacker could exploit GitHub’s preview Agentic Workflows by submitting a crafted GitHub issue to a public repository. If the AI agent has read access to private repositories within the same organization, it can retrieve sensitive information and publish it in a public comment, the company said.
GitHub Agentic Workflows combine GitHub Actions with AI models such as Claude or GitHub Copilot, allowing developers to define workflows in Markdown. At the same time, AI agents read issues, invoke tools, and perform tasks on their behalf.
“What will happen when the GitHub agent reads so
The post Q1 2026 Data Shows Open Source Collaboration Hits New Highs appeared on BitcoinEthereumNews.com.
Timothy Morano
Jul 07, 2026 16:55
GitHub’s Q1 2026 Innovation Graph reveals 16% growth in cross-border developer collaboration, the fastest pace since Q2 2020.
GitHub’s Innovation Graph for Q1 2026 confirms a surge in global open-source collaboration, with cross-border developer activity growing 16% quarter-over-quarter. This marks the second-highest growth rate since tracking began in 2020, trailing only the 21% spike seen in Q2 2020 during the initial pandemic-driven tech boom. The ‘economy collaborators’ metric, which tracks the total volume of git pushes and pull requests between developers across different economies, highlighted this acceleration. The data suggests that open-source software development is continuing to break down borders, with a sharp rise in international contributions. Key Highlights by Economy While the growth is global, regional trends st
Microsoft has fitted the June 2026 update to Visual Studio IDE with a GitHub Copilot usage window that gives a clearer view of where a user stands against the GitHub’s new usage-based model. The update also adds trust validation for Model Context Protocol (MCP) servers.
GitHub Copilot usage now is calculated based on token consumption rather than by request, as part of GitHub’s new usage-based billing model, Microsoft said on June 30. The refreshed usage window in Visual Studio gives a clearer view of the stance against that model, with real-time updates as the developer works. This can be opened by selecting Copilot Usage from the Copilot badge menu.
GitHub Copilot switched to usage-based billing on June 1.
Also with the June update, Visual Studio now validates MCP server trust in two places during startup. Before the MCP server process starts, the current configuration is compared against a previously trusted baseline. After it starts, the fingerprint of its tools, prompts, resourc
Developers looking to curb the cost of AI-powered coding tools have increasingly turned to the “Caveman” prompting style, which instructs coding assistants to communicate in blunt, telegraphic language and avoid conversational padding. The theory is simple: fewer words mean fewer tokens, translating into lower inference costs for organizations deploying AI agents at scale.
A new test from IDE maker JetBrains confirms that terse prompting styles such as the viral open-source Caveman project can reduce token usage without hurting coding performance. However, the company found that the savings were far smaller than supporters claim.
JetBrains used the Harbor open-source evaluation framework and tasks from SkillsBench for its test, and found that the Caveman technique reduced usage of output tokens by about 8.5%, far below its claimed 65%.
The IDE-maker ran paired benchmarks across 86 real-world software engineering tasks in Claude Code, comparing coding sessions that used the Caveman pro
With the rapid progress of AI capabilities and the move to agentic systems, organizations are expanding their use cases as the technology continues to grow. That constant evolution also introduces risk, leaving IT leaders to wonder which investments will prove valuable even six months into the future. Returning to the foundational elements of AI architecture—the…