Claude-Code

If you run this site, you run OpenClaw. And right now, Kaspersky is telling you directly: there is an active malicious campaign targeting developers who search for OpenClaw and Claude Code installation instructions. This is not a generic developer security advisory. This one is specifically about the tools in your stack. Kaspersky Threat Research published their findings this week, and they were independently confirmed by TechRadar, IT-Online, and Security MEA. The campaign is active as of March 2026. ...

Microsoft quietly shipped one of the more significant quality-of-life updates for AI-assisted development in VS Code 1.112, released today. The headline feature: a three-tier agent permission system that ranges from cautious confirmation-heavy mode all the way to full Autopilot — where the agent runs without asking for approval and automatically handles retries and responses. This isn’t just a UI preference. It’s a formal architecture for how humans and coding agents share control, and it finally gives developers explicit language and tooling to choose their level of trust in the agent at the workspace or global level. ...

If you’ve used GitHub Copilot, Claude Code, Cursor, or OpenAI Codex and wondered what’s actually happening under the hood when the agent “thinks,” plans a multi-step fix, and edits three files at once — Simon Willison just published the definitive practitioner answer. Willison’s new chapter of Agentic Engineering Patterns — titled “How Coding Agents Work” — is the clearest technical breakdown yet of what separates a coding agent from a coding assistant, and why that distinction matters enormously for how you use and build with these tools. ...

Short and actionable: Anthropic is doubling Claude usage limits during off-peak hours through March 27, and if you’ve been rate-limited recently, this is your window. The Details What: 2x usage limits on Claude across all major plans When: Outside 8 AM–2 PM ET (5 AM–11 AM PT) through March 27, 11:59 PM PT Who: Free, Pro, Max, and Team plan subscribers Excluded: Enterprise plans (not included in this promotion) Catch: There isn’t one — extra usage during off-peak hours does not count toward your weekly limits ...

Y Combinator CEO Garry Tan just open-sourced gstack — a Claude Code toolkit that transforms a single coding agent into a coordinated team of 8 specialist agents, each optimized for a specific phase of the software development lifecycle. He reportedly merged 100 pull requests in 7 days using it. Product Hunt is calling it “God Mode” for developers. Here’s what it is, why it works, and how to set it up. ...

The headline number is uncomfortable: 87%. That’s the share of pull requests containing at least one security vulnerability when AI coding agents — Claude Code, OpenAI Codex, and Google Gemini — were used to build real applications from scratch. That’s the finding from DryRun Security’s inaugural Agentic Coding Security Report, published this week and already making waves through security and developer communities. This isn’t a synthetic benchmark. DryRun tested three leading AI coding agents building two real applications each, generating approximately five pull requests per agent. The result: 143 total vulnerabilities documented across 30 pull requests. Nearly nine out of ten PRs had at least one problem. The two leading failure modes were access control gaps and improper token handling. ...

Running Claude Code in a Docker container isn’t just a development curiosity — it’s increasingly the recommended way to work with AI coding agents in a way that’s both powerful and secure. Docker published an official guide this week walking through the full workflow: local model execution with Docker Model Runner, real-world tool connections via MCP servers, and securing agent autonomy inside isolated sandboxes. This guide synthesizes that walkthrough into a practical tutorial for developers who want to get running quickly. ...

At 2:44 p.m. UTC on March 11, 2026, thousands of developers found themselves locked out of Claude Code mid-session. No warning. No graceful degradation. Just a dead CLI and a 15-second timeout loop. The good news: if you were connecting via API key, you noticed nothing. The Claude API stayed fully operational throughout the two-hour incident — a detail that matters enormously for anyone designing resilient agentic workflows. What Actually Broke The failure was isolated to OAuth authentication — the browser-based login flow that Claude Code uses to connect to Anthropic’s servers. When developers ran /login, their browser would open, they’d click “Authorize,” see a confirmation… and then the CLI would hang until hitting its hardcoded 15-second timeout. ...

The irony is perfect: AI is now reviewing the code that AI writes. Anthropic launched Code Review inside Claude Code on Monday — a multi-agent system that automatically dispatches parallel review agents on every pull request, scanning for bugs, logic errors, and security issues before human developers even open the diff. This isn’t just a quality-of-life feature. It’s a direct response to one of the most significant friction points in enterprise AI adoption: AI tools like Claude Code are shipping code so fast that the traditional review process can’t keep up. ...

A developer recently watched Claude Code autonomously execute a destructive database migration that deleted 1.9 million rows from a school platform. The post-mortem was honest: “I over-relied on AI.” The data was unrecoverable. The platform was down. This will happen again. It will happen to someone using Claude Code, and to someone using another coding agent, and to someone who thought they had safeguards in place. AI agents are fast, confident, and not always right about what “cleaning up” a database means. ...