
Four Signals

Agentic insights for modern tech teams

DevTools / blog.ammaraskar.com

1-Click GitHub Token Stealing via a VSCode Bug

A VSCode bug in webview postMessage handling enables 1-click theft of a user's GitHub OAuth token with full read/write access to all of their repositories, including private ones. The attack targets github.dev, the browser-based VSCode, which receives a powerful, unscoped token via POST. Malicious markdown or Jupyter output rendered in a preview can send a crafted postMessage to the webview, letting an attacker bypass VSCode's cross-origin iframe sandbox and exfiltrate the token.

Why it matters

For a platform engineer responsible for developer experience and security, this vulnerability is a supply-chain attack vector worth taking seriously: simply clicking a link in a VSCode extension or preview could compromise every GitHub repository the token can reach, along with the CI/CD secrets and other infrastructure tied to those repositories.
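The bug class behind this item is a host-side postMessage handler that trusts messages from any frame. The block below is an added example and is not VSCode's or github.dev's code: it shows a generic webview bridge in the shape that leaks a privileged value to whichever frame asks, beside a hardened handler that checks `event.origin`, `event.source`, message shape and an allow-list of commands, and never returns the token across the bridge at all. WEBVIEW_ORIGIN, the command names and the frame stand-ins are assumptions; SECRET_TOKEN is a constructed placeholder, not a real token.

```javascript
// Added example of the postMessage bug class, not code from VSCode or github.dev.
// WEBVIEW_ORIGIN, ALLOWED_COMMANDS and the frame stand-ins are assumptions.

const WEBVIEW_ORIGIN = "https://webview.sandbox.example"; // assumed sandbox origin
const SECRET_TOKEN = "gho_CONSTRUCTED_PLACEHOLDER";        // constructed, not a real token

// Minimal stand-in for a window object so the example runs under Node.
// Each frame records every message posted to it.
function makeFrame(name) {
  const inbox = [];
  return {
    name,
    inbox,
    postMessage(data, targetOrigin) { inbox.push({ data, targetOrigin }); },
  };
}

// Vulnerable handler: trusts event.data blindly, never checks event.origin or
// event.source, and replies with the token to whoever sent the request, using
// "*" as the target origin so any frame can read the reply.
function vulnerableHandler(event) {
  const msg = event.data;
  if (msg && msg.command === "getToken") {
    event.source.postMessage({ token: SECRET_TOKEN }, "*");
    return "leaked";
  }
  return "ignored";
}

// Hardened handler: the message must come from the expected origin AND the
// exact frame the host created, must have the expected shape, and must name a
// command the host is willing to service. No command hands the token to the
// frame; the host keeps it on its own side of the bridge.
const ALLOWED_COMMANDS = new Set(["ready", "resize"]); // assumed command set

function hardenedHandler(event, expectedSource) {
  if (event.origin !== WEBVIEW_ORIGIN) return "rejected-origin";
  if (event.source !== expectedSource) return "rejected-source";
  const msg = event.data;
  if (!msg || typeof msg.command !== "string") return "rejected-shape";
  if (!ALLOWED_COMMANDS.has(msg.command)) return "rejected-command";
  return "handled:" + msg.command;
}

// Run constructed messages through both handlers and report what happened.
function simulate() {
  const webview = makeFrame("webview");            // the frame the host created
  const attacker = makeFrame("iframe-in-preview"); // injected by rendered content

  // 1. Attacker frame on a foreign origin asks for the token.
  const fromAttacker = { data: { command: "getToken" }, origin: "https://evil.example", source: attacker };
  const vulnerable = vulnerableHandler(fromAttacker);
  const hardenedForeign = hardenedHandler(fromAttacker, webview);

  // 2. Same request carrying the sandbox origin but from a different frame
  //    (e.g. a nested iframe on the sandbox origin): the source check catches it.
  const fromSibling = { data: { command: "getToken" }, origin: WEBVIEW_ORIGIN, source: attacker };
  const hardenedSibling = hardenedHandler(fromSibling, webview);

  // 3. The legitimate frame asks for the token: still refused, it never crosses.
  const fromWebviewToken = { data: { command: "getToken" }, origin: WEBVIEW_ORIGIN, source: webview };
  const hardenedToken = hardenedHandler(fromWebviewToken, webview);

  // 4. The legitimate frame sends an allowed command.
  const fromWebviewReady = { data: { command: "ready" }, origin: WEBVIEW_ORIGIN, source: webview };
  const hardenedReady = hardenedHandler(fromWebviewReady, webview);

  return {
    vulnerable,                                  // "leaked"
    attackerGotToken: attacker.inbox.length === 1 &&
                      attacker.inbox[0].data.token === SECRET_TOKEN, // true
    hardenedForeign,                             // "rejected-origin"
    hardenedSibling,                             // "rejected-source"
    hardenedToken,                               // "rejected-command"
    hardenedReady,                               // "handled:ready"
  };
}

console.log(simulate());
```

The source check matters as much as the origin check: in a real page several frames can share the sandbox origin, so comparing `event.source` against the exact frame the host created is what stops content injected into the preview from impersonating the webview.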

Run AI Coding Agents Safely with Docker Sandboxes
AI/ML / dev.to

Run AI Coding Agents Safely with Docker Sandboxes

Docker Sandboxes run AI coding agents (Claude Code, Codex, Cursor) inside microVMs isolated from the host, so an agent that executes arbitrary commands or modifies files does so inside the sandbox rather than on the developer's machine. The `sbx` CLI configures network policies (Balanced allows provider APIs and package managers; Locked Down blocks all network access) and passes credentials into the sandbox as sentinel values, so the real secrets stay on the host. Setup requires macOS Sonoma 14+ on Apple Silicon, Homebrew, and either OAuth or API key authentication.

Article: Two Misconfigurations That Caused Spark OOM Failures on Kubernetes
Cloud / infoq.com

Article: Two Misconfigurations That Caused Spark OOM Failures on Kubernetes

Two infrastructure misconfigurations introduced during a lift-and-shift migration of Spark-on-Kubernetes to AKS caused executor OOM failures only during shuffle stages: RAM-backed scratch directories (spark.kubernetes.local.dirs.tmpfs=true) and a hard (required) podAffinity rule that co-located every executor on a single node. Together they made shuffle spill consume node memory instead of disk; the 1Gi tmpfs-backed scratch volume was far too small, and because the compound effect only surfaced under production load it looked like a Spark memory-tuning problem. The fixes were to disable tmpfs, grow the scratch volumes to 10Gi of disk-backed storage, and replace the affinity rule with a preferred podAntiAffinity so executors spread across nodes.

How to Set Up Per-Agent Billing for CrewAI Agents with Kong
AI/ML / dev.to

How to Set Up Per-Agent Billing for CrewAI Agents with Kong

Per-agent billing for CrewAI crews with Kong Konnect Metering & Billing works by capturing LLM call events per agent role (e.g., Researcher, Analyst, Writer), sending each role's token counts to a meter, and defining features and rate cards with distinct per-token prices. The approach, which extends open-source OpenMeter, solves cost-allocation problems such as the Writer agent consuming roughly twice as many tokens as the other roles, so invoices reflect actual per-agent usage rather than a uniform split.

Microsoft CEO: We’re moving from OS and apps to agents instead
AI/ML / 9to5mac.com

Microsoft CEO: We’re moving from OS and apps to agents instead

Microsoft and Qualcomm's Project Solara defines a chip-to-cloud platform for AI agents, with CEO Satya Nadella declaring a platform shift from operating systems and apps to agents. This positions Microsoft ahead of Apple's WWDC, where agentic capabilities like iOS 27's new Siri are also expected.

Rayfin: Microsoft’s answer to the gap between vibe coding and enterprise production
General / thenewstack.io

Rayfin: Microsoft’s answer to the gap between vibe coding and enterprise production

Microsoft's open-source Rayfin SDK and CLI, announced at Build 2026, targets the gap between vibe coding and enterprise production by letting agents define backends in code (models, logic, policies) and deploy them directly to Microsoft Fabric via GitHub workflows. Security is architectural: data never leaves the customer's Fabric tenant. Replit is the exclusive launch partner. Unlike Supabase or Neon, which accelerate Day 1, Rayfin aims to get AI-generated applications into enterprise production with built-in governance and OneLake integration.

Coralogix raises $200M on bet that someone needs to watch the AI agents
AI/ML / techcrunch.com

Coralogix raises $200M on bet that someone needs to watch the AI agents

Coralogix raised $200M Series F led by Advent and CPPIB to expand observability for AI agents, as over half its enterprise customers now use its Olly AI agent or their own LLMs via CLI to investigate incidents. The platform, competing with Datadog, serves 5,000+ customers including IBM and JFrog, and grew revenue 60% while reaching 30+ customers spending over $1M annually. CEO Assaraf notes the interface layer is eroding as engineers prefer asking AI assistants over traditional dashboards, driving investment in agentic monitoring tools.

Is Zero Trust Enough for Agentic Systems?
AI/ML / dev.to

Is Zero Trust Enough for Agentic Systems?

Zero Trust validates every action (via FGA rules and scopes) but falls short for agentic systems such as OpenClaw pipelines, where chained steps (transactions_uploaded → score_calculated → high_impact_alert) produce cumulative behavior that no single access check evaluates. The PlanetLedger hackathon showed that composable triggers (autoInsightOnUpload, highImpactAlert) can shape user decisions even when each step is individually authorized. Security must shift from verifying permission to evaluating action trajectories and their temporal context, because a sequence of valid steps can still drift to an unintended outcome.
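The contrast the post draws, shown as an added illustration rather than code from the post, OpenClaw or PlanetLedger: a per-step FGA-style check passes every step of the upload-to-alert chain, while a check over the whole trajectory, with timing, holds an alert that automation produced with no human checkpoint in between. The grant table, the actor naming scheme, the 60-second window and the name of the human checkpoint step (`review_confirmed`) are assumptions chosen for the illustration; the three pipeline step names and the two trigger names are the ones the summary uses.

```javascript
// Added illustration, not code from the post, OpenClaw or PlanetLedger.
// GRANTS, the "user:"/"trigger:" actor prefixes, WINDOW_SECONDS and HUMAN_STEP
// are assumptions; the step and trigger names follow the summary above.

// Per-step authorization table (FGA-style): which actor may perform which action.
const GRANTS = {
  "user:alice":                  new Set(["transactions_uploaded", "review_confirmed"]),
  "trigger:autoInsightOnUpload": new Set(["score_calculated"]),
  "trigger:highImpactAlert":     new Set(["high_impact_alert"]),
};

function isAuthorized(step) {
  const allowed = GRANTS[step.actor];
  return Boolean(allowed && allowed.has(step.action));
}

// Zero Trust view: each step is checked in isolation.
function checkEachStep(trajectory) {
  return trajectory.map((step) => ({ action: step.action, authorized: isAuthorized(step) }));
}

// Trajectory view: a high_impact_alert reached from an upload purely through
// automatic triggers, inside a short window and with no human-confirmed step
// in between, is held for review even though every step passed on its own.
const WINDOW_SECONDS = 60;             // assumed
const HUMAN_STEP = "review_confirmed"; // assumed name of the human checkpoint

function evaluateTrajectory(trajectory) {
  const steps = [...trajectory].sort((a, b) => a.ts - b.ts);
  const upload = steps.find((s) => s.action === "transactions_uploaded");
  const alert = steps.find((s) => s.action === "high_impact_alert");
  if (!upload || !alert) return { verdict: "allow", reason: "no upload-to-alert chain" };

  const between = steps.filter((s) => s.ts > upload.ts && s.ts < alert.ts);
  const humanChecked = between.some((s) => s.action === HUMAN_STEP && s.actor.startsWith("user:"));
  const allAutomated = between.every((s) => s.actor.startsWith("trigger:"));
  const elapsed = alert.ts - upload.ts;

  if (!humanChecked && allAutomated && elapsed <= WINDOW_SECONDS) {
    return {
      verdict: "hold",
      reason: `alert derived from upload by automation alone in ${elapsed}s; requires ${HUMAN_STEP}`,
    };
  }
  return { verdict: "allow", reason: "human checkpoint present or chain not automatic" };
}

// Constructed sample run: a user uploads, then two chained triggers fire,
// all within 12 seconds (timestamps in seconds).
const AUTOMATED_RUN = [
  { ts: 0,  actor: "user:alice",                  action: "transactions_uploaded" },
  { ts: 3,  actor: "trigger:autoInsightOnUpload", action: "score_calculated" },
  { ts: 12, actor: "trigger:highImpactAlert",     action: "high_impact_alert" },
];

// Same run, but a human confirms the score before the alert fires.
const REVIEWED_RUN = [
  AUTOMATED_RUN[0],
  AUTOMATED_RUN[1],
  { ts: 40, actor: "user:alice", action: "review_confirmed" },
  { ...AUTOMATED_RUN[2], ts: 45 },
];

function demo() {
  return {
    perStep:   checkEachStep(AUTOMATED_RUN).every((r) => r.authorized), // true: Zero Trust is satisfied
    automated: evaluateTrajectory(AUTOMATED_RUN).verdict,               // "hold"
    reviewed:  evaluateTrajectory(REVIEWED_RUN).verdict,                // "allow"
  };
}

console.log(demo());
```

The point is not the particular rule but where it is evaluated: `isAuthorized` sees one step and can only say yes or no to it, while `evaluateTrajectory` sees the ordered chain and its timing, which is the only place a "valid steps, unintended outcome" drift is visible.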

New Microsoft tool lets devs spin up AI behavior tests using text descriptions
AI/ML / techcrunch.com

New Microsoft tool lets devs spin up AI behavior tests using text descriptions

Microsoft released ASSERT, an open-source framework that leverages LLMs to convert natural-language descriptions of policies and intended behaviors into structured, scored test suites for AI systems. It generates problem scenarios, runs them against the target system, and records intermediate tool calls and actions so developers can pinpoint failures—filling a gap left by generic benchmarks like HELM and AILuminate. The tool supports pre-deployment validation, post-deployment monitoring, and continuous regression testing for application-specific behaviors, such as limiting data access or email scope.

OpenAI’s Codex adds new tools — Sites, Annotations, more plugins — for knowledge workers
AI/ML / thenewstack.io

OpenAI’s Codex adds new tools — Sites, Annotations, more plugins — for knowledge workers

OpenAI's Codex now targets knowledge workers, who make up 20% of its 5 million weekly active users, with new 'Sites' for building and sharing interactive dashboards, 'Annotations' for pinpointing document sections to edit, and curated plugins integrating tools like Snowflake, Salesforce, and Figma. These features compete directly with Anthropic's Claude Cowork, signaling a shift from chatbots to collaborative workspaces where teams create role-specific tools and iterate on output in place.