May 8, 2026: AI updates from the past week — Coder Agents Launch, Snyk-Claude partnership, Opsera-Cursor partnership, and more

Agile software development has been around since the 1990s, but didn’t get the name until the famous meeting of 17 renowned ...
InfoQ

GitHub Enhances CodeQL with Declarative Security Modeling for Faster, More Flexible Analysis

GitHub has introduced a significant update to its CodeQL engine, enabling developers to define custom sanitizers and ...
Forbes

How Claude Mythos Wiped Billions Out Of Cybersecurity Stocks

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. A smartphone displays the Project Glasswing logo with the dedicated webpage in the ...
Forbes

The Shift From Static Security Tools To Prompt-Driven Engineering

For decades, engineering security workflows followed a pattern: Static analysis tools scanned codebases and generated findings for developers to review. SAST and DAST analyzed applications to surface ...
Dark Reading

Checkmarx KICS Code Scanner Targeted in Widening Supply Chain Hit

Hard on the heels of a broad supply chain attack that impacted the Aqua Security-maintained Trivy open source security-scanner project, Checkmarx on Tuesday disclosed that attackers had compromised a ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...
financefeeds

AI‑Driven Smart Contract Analysis and Auditing: Enhancing Blockchain Security

Smart contracts are the backbone of decentralized applications, decentralized finance (DeFi), and blockchain ecosystems. Unlike traditional software, once deployed, smart contracts are immutable, ...
VentureBeat

Claude Code just got updated with one of the most-requested user features

Anthropic's open source standard, the Model Context Protocol (MCP), released in late 2024, allows users to connect AI models and the agents atop them to external tools in a structured, reliable format ...
CSOonline

Output from vibe coding tools prone to critical security flaws, study finds

Popular vibe coding platforms consistently generate insecure code in response to common programming prompts, including creating vulnerabilities rated as ‘critical,’ new testing has found. Security ...