NewsUpGuard: 1 in 5 Developers Grant Vibe Coding Tools Unrestricted AccessUpGuard·high signal20% of devs give AI agents unrestricted file access, 14.5% arbitrary Python execution, 15 untrusted MCP lookalikes per vendorSourceSource pageUpGuard↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / Threat patternPick your agent sandbox primitive by threat model: Firecracker microVM vs gVisor vs V8 isolateNorthflankStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaPolicy dependency / Stack layerPattern: A Provider-Abstraction / BYOK Layer Is Hardening Beneath Agent HarnessesGitHubStack layer / ContrastMeta Charges for a Frontier Model for the First Time: Muse Spark 1.1 at $1.25/$4.25TechCrunchStack layer / Threat patternFriendly Fire: auto-approve coding agents run attacker code during security scansSecurityWeek