API Ecosystem Pulse

API Security Escalates: Supply Chain Attacks, Starlette/FastAPI Vuln, AI-Powered Code Security


Key Questions

What supply chain attacks are targeting AI developers?

Fake Claude Code installers distributed via Google Ads are stealing API keys and crypto wallets from tools like Cline and Continue.dev. GitHub also experienced a breach affecting 3,800 internal repositories through a compromised VS Code extension.

What vulnerability affects Starlette and FastAPI users?

A critical vulnerability in Starlette/FastAPI impacts platforms including vLLM and LiteLLM that rely on these frameworks for agent infrastructure. Immediate patching is recommended for affected deployments.

How is Anthropic addressing AI code security?

Anthropic launched the Claude Security public beta (Project Glasswing) in partnership with IBM, identifying over 10,000 flaws. The scanner helps enterprises detect vulnerabilities in AI-generated code.

What funding has Opal Security received and for what purpose?

Opal Security raised $23M to expand its AI-native access governance platform. Databricks uses the solution to manage 86,000 just-in-time access requests.

What security patterns are emerging for AI agents on Kubernetes?

Best practices emphasize short-lived tokens, gateway-level enforcement, and virtual keys with budget limits. These measures help reduce risks when running AI coding tools and agents at scale.

Fake Claude Code installers distributed via Google Ads steal API keys and crypto wallets, targeting Cline/Continue.dev secrets. A GitHub breach affected 3,800 internal repos via a VS Code extension. A critical Starlette/FastAPI vulnerability affects vLLM, LiteLLM, and agent platforms. Anthropic launched the Claude Security public beta (Project Glasswing) with IBM, finding 10k flaws. 42Crunch AI coding plugins target automated DevSecOps. Rate limiting patterns for AI agents are gaining attention. WSO2 ThunderID and Agent Fabric address non-human identity governance. New patterns for securing AI agents on Kubernetes are emerging, emphasizing short-lived tokens and gateway-level enforcement, along with practical guidance on virtual keys and budget limits for AI coding tools. Opal Security raised $23M for AI-native access governance, with Databricks managing 86k just-in-time requests through the platform.

Updated Jun 7, 2026