One breach after another - Ben's Bites

Source: original

One breach after another

separate and sandbox your agent's access

Mar 31, 2026

Security issues are popping up all over.

Railway accidentally let unauthenticated users access data that should’ve been behind an auth wall.

Mercor AI has allegedly been breached.

Claude Code’s source code has been leaked - and the community are going crazy saving copies on GitHub. Docs from the codebase.

And, Axios, with 100M weekly installs got compromised through package manager, npm when one of the lead maintainers’ GitHub accounts was hijacked. npm has removed the malicious versions now. (Claude code uses axios)

Like manufacturing, code has a supply chain.

When working with software, it relies on other software. Instead of writing all the other code into your project, you install a package through a package manager - agents do this very frequently on your behalf.

One package, Axios, was compromised, which means if an agent (or you) ran the install command, a malicious package is now on your computer.

This will stress the importance of sandboxes. Tools like Claude Cowork and Codex do this for you by running commands in a sandbox, a computer with a copy of your current folder isolated from your computer. So if any bad code sneaks in, it doesn’t mess up your actual stuff!

I sent this to my agents this morning:

there’s been a security breach https://markdown.new/socket.dev/blog/axios-npm-package-compromised

make sure this computer and my mac-mini have not been compromised

What am I building this week?

Ben’s Bites is brought to you byAttio, the AI CRM

Honestly, no one gets excited about a CRM. But then they try Attio. It connects to Claude Code and n8n through its MCP server, completely bridging the gap between my customer data and apps. Wait, there’s more, like flagging churn risk and turning customer feedback into Linear projects. Try it now.

Headlines

My feed

Afters

Boris Cherny@bchernyI wanted to share a bunch of my favorite hidden and under-utilized features in Claude Code. I'll focus on the ones I use the most. Here goes.3:12 AM · Mar 30, 2026 · 3.42M Views519 Replies · 2.37K Reposts · 21.9K LikesAndrej Karpathy@karpathy- Drafted a blog post - Used an LLM to meticulously improve the argument over 4 hours. - Wow, feeling great, it’s so convincing! - Fun idea let’s ask it to argue the opposite. - LLM demolishes the entire argument and convinces me that the opposite is in fact true. - lol The3:56 PM · Mar 28, 2026 · 3.19M Views1.68K Replies · 2.39K Reposts · 30.7K LikesDan McAteer@daniel_mac8This is amazing. Do this. 3:30 PM · Mar 28, 2026 · 593K Views74 Replies · 1.14K Reposts · 15.7K LikesCheng Lou@_chenglouMy dear front-end developers (and anyone who’s interested in the future of interfaces): I have crawled through depths of hell to bring you, for the foreseeable years, one of the more important foundational pieces of UI engineering (if not in implementation then certainly at 2:09 AM · Mar 28, 2026 · 21.7M Views1.26K Replies · 7.92K Reposts · 62.8K LikesWim Cools@wcoolsreal-time docs in the browser vs offline markdown access? both! 5:09 PM · Mar 26, 2026 · 60.8K Views35 Replies · 31 Reposts · 696 LikesChris Tate@ctatedevNew: @𝚓𝚜𝚘𝚗-𝚛𝚎𝚗𝚍𝚎𝚛/𝚗𝚎𝚡𝚝 Prompt → JSON → Full Next.js app Routes, layouts, SSR, metadata, data loaders, static generation. For AI website builders. Internal tool generators. CMS-driven apps. White-label SaaS. One JSON spec, entire multi-page app. 11:26 PM · Mar 27, 2026 · 82.4K Views35 Replies · 42 Reposts · 842 LikesAmir Efrati@amirnew: ChatGPT sneezes out a few ads, is already at $100m annualized sales. [theinformation.com/briefings/excl…](https://www.theinformation.com/briefings/exclusive-openai-surpasses-100-million-annualized-revenue-ads-pilot?rc=c48ukx) @steph_palazzolo8:50 PM · Mar 26, 2026 · 13.3K Views9 Replies · 11 Reposts · 129 Likes

Loading...

* sponsors who make this newsletter possible :)
Email us atshanice@bensbites.com or k@bensbites.com

PreviousNext