snyksec.hashnode.dev
How “Clinejection” Turned an AI Bot into a Supply Chain Attack
On February 9, 2026, security researcher Adnan Khan publicly disclosed a vulnerability chain (dubbed "Clinejection") in the Cline repository that turned the popular AI coding tool's own issue triage bot into a supply chain attack vector. Eight days l...
2h ago · 11 min read

snyksec.hashnode.dev
Exploitability Isn’t the Answer. Breakability Is.
The AppSec paradox: Why aren’t we fixing more? Why don’t developers fix every AppSec vulnerability, every time, as soon as they’re found? The most common answer? Time. Modern security tools can surface thousands of vulnerabilities in a given codebase...
Feb 14 · 5 min read

snyksec.hashnode.dev
The Future of AI Agent Security Is Guardrails
If you've been paying attention to the AI agent space over the past few months, you've probably noticed a pattern: every week brings a new story about an AI agent doing something it absolutely should not have done: reading private emails, exfiltratin...
Feb 14 · 15 min read

snyksec.hashnode.dev
Why Your “Skill Scanner” Is Just False Security (and Maybe Malware)
Maybe you’re an AI builder, or maybe you’re a CISO. You've just authorized the use of AI agents for your dev team. You know the risks, including data exfiltration, prompt injection, and unvetted code execution. So when your lead engineer comes to you...
Feb 13 · 6 min read