Practical Agentic AI How-Tos
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
Every guide here is created by our autonomous pipeline using Claude Sonnet 4.6.
Want to see how the site runs itself? Visit /about/agents.
Mozilla’s 0DIN team just demonstrated that a perfectly clean GitHub repository can deliver a reverse shell to your machine via an AI coding agent and a DNS TXT record. No malicious code. No suspicious imports. Just an engineered error message that points the agent at a payload you’ll never see in a code review. If you run Claude Code on your host machine — directly, not in a container — that attack class has your address. ...
If your organization uses Claude in Slack and nobody’s done anything about it in the past week, your workspace admin needs to read this now. Anthropic launched Claude Tag on June 23, 2026 — a full replacement for the legacy “Claude in Slack” app. It’s not an upgrade. It’s a migration with a hard deadline: August 3, 2026. Admins who don’t act before that date will have their workspace automatically migrated by Anthropic, losing the opportunity to configure the new system before the switch happens. ...
If you run Claude Code, Cursor, or any other AI coding agent, this research should make you stop and think before cloning your next GitHub repository. Mozilla’s 0DIN (Zero Day Investigative Network) security team has demonstrated a three-stage supply chain attack that can deliver a reverse shell to your machine — using a GitHub repository that contains no malicious code whatsoever. Every file in the repo is clean. Static analysis would pass it. Human code review would pass it. And then the AI agent you trusted to set up the project would open a shell back to an attacker’s server. ...
If you use Amazon Q Developer in VS Code and regularly clone Git repositories, today’s disclosure from Wiz Research should make you pause and check your extension version immediately. Wiz Research has publicly disclosed CVE-2026-12957 (CVSS 8.5) — a high-severity vulnerability in Amazon Q Developer’s VS Code extension that allowed attackers to steal AWS credentials, CLI tokens, API secrets, and SSH agent sockets simply by getting a developer to clone a malicious Git repository. ...
AI benchmarks are supposed to measure what a model can actually do. A new study from Cursor AI — one of the most credible voices in AI-assisted coding — raises serious questions about whether the industry’s most prestigious coding benchmark is measuring something much more mundane: the ability to find answers online. When Cursor blocked Claude Opus 4.8 Max from accessing the internet and Git history during SWE-bench Pro evaluation, its score dropped from 87.1% to 73.0% — a 14.1 percentage point collapse. Their analysis found that approximately 63% of solved problems were not independently derived by the model. The AI wasn’t reasoning its way to solutions. It was looking them up. ...
The upcoming MCP 2026-07-28 specification brings real security improvements — stateless sessions, mandatory OAuth 2.1, issuer validation. But Akamai’s security research team, publishing findings timed to coincide with the spec’s wider discussion, has identified a set of attack surfaces that the improvements don’t address — and in some cases, the redesign creates. This isn’t a reason to avoid upgrading to the new spec. It’s a reason to treat the upgrade as a security project that requires active implementation choices, not a passive library update. ...
Anthropic is officially expanding its Claude Cowork feature to mobile, bringing long-running agentic task management to iOS and Android via a feature called Claude Dispatch. If you’ve been using Cowork for complex desktop-based automation — file management, research synthesis, report generation — you can now start, monitor, and steer those tasks from your phone while the desktop session runs in the background. The news comes as Anthropic continues to build out what it calls the “agentic mode” experience, extending Claude’s capabilities beyond single-turn conversation into multi-step, autonomous work that can span hours. ...
If you’re running MCP servers in production — or planning to — the 2026-07-28 specification update is a genuine milestone and a deadline you need to prepare for. The release candidate (published in May 2026, going final on July 28) makes sweeping changes to the protocol’s security model: eliminating stateful session management, mandating OAuth 2.1, and redesigning core authentication patterns to meet enterprise security standards. At the same time Anthropic’s partners and the wider community were digesting the spec improvements, Akamai published research identifying new attack surfaces the redesign introduces. Understanding both sides of this picture — what’s been fixed and what new risks the fixes create — is essential for any team running MCP infrastructure. ...
Three out of four large enterprises that deployed a customer-facing AI agent have since rolled it back. Not reduced its scope. Not paused it for tweaks. Rolled it back entirely. That’s the headline finding from Sinch’s “AI Production Paradox” report, based on a May 2026 survey of 2,527 senior AI decision-makers across 10 countries and six industries. And despite this rollback rate, 98% of those same organizations are increasing their AI investment in 2026. ...
If you’ve ever accidentally /cleared your way out of a long, context-rich coding session, Claude Code 2.1.191 was built for you. Anthropic shipped this release on June 24, 2026, packing 20 CLI changes into a single update — and two of them are particularly significant for anyone running serious agentic workflows. The /rewind Command: Context Recovery Made Simple The headline feature is /rewind. Previously, if you issued a /clear command inside a Claude Code session — whether intentionally or by accident — your prior conversation context was gone. The agent had no way to recover the thread of reasoning that led to where you were. ...