Tinker AI

#security

6 items tagged #security.

GUIDE 2026-05-11

Secrets, sandboxes, and network isolation when using AI coding tools

Three threat axes in AI coding tools—log exfiltration, tool-call leaks, and supply-chain poisoning—and the mitigations that actually reduce risk.

GUIDE 2026-05-11

Codex sandbox mode: what it actually contains and where it leaks

Codex CLI runs every command in a restricted shell by default. Here's what that sandbox actually blocks, how to grant network access when you need it, and what it can't protect you from.

Owner · 7 min #codex #sandbox
GUIDE 2026-05-11

Cursor Privacy mode: what it actually does and what it doesn't

Cursor Privacy mode stops your code from being used for training and stored beyond a request. Here's what that covers, what it doesn't, and where the real gaps are.

Owner · 5 min #cursor #privacy
GUIDE 2026-03-07

Handling secrets safely with Cline: never letting the model see what shouldn't leave your machine

Cline reads files on demand. Without configuration, it'll read your .env file along with everything else. Three patterns prevent secret leakage.

Owner · 4 min #cline #security
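As an added example for the Cline item above (this is not Cline's own code, and it does not use any Cline configuration format), the check below models the usual failure of a deny list for an on-demand file reader: a rule that names `.env` literally does not cover `.env.local` or `.env.production`, and it says nothing about key files or YAML secrets. The project tree, the secret-name globs and the deny lists are all constructed for the example.

```python
"""Pre-flight check: which secret-bearing files would an on-demand file reader
(an AI coding agent) still be able to open, given a deny list of glob patterns?

Hypothetical helper written for this page; the file list and patterns are
constructed sample data, not taken from any real project or tool config.
"""
from fnmatch import fnmatch
from pathlib import PurePosixPath

# Constructed sample project tree (relative POSIX paths).
SAMPLE_FILES = [
    "src/app.py",
    ".env",
    ".env.local",
    ".env.production",
    "config/secrets.yaml",
    "deploy/id_rsa",
    "README.md",
]

# Names that should never reach the model. Assumed list; extend per project.
SECRET_GLOBS = [".env", ".env.*", "*.pem", "id_rsa", "*secrets*"]

# The deny list people typically write first: one literal entry.
NAIVE_DENY = [".env"]


def is_denied(path: str, deny_globs: list[str]) -> bool:
    """gitignore-style match: a glob hits if it matches the basename
    or the full relative path."""
    p = PurePosixPath(path)
    return any(fnmatch(p.name, g) or fnmatch(str(p), g) for g in deny_globs)


def is_secret(path: str) -> bool:
    """True if the path looks like it carries credentials."""
    return is_denied(path, SECRET_GLOBS)


def readable_secrets(files: list[str], deny_globs: list[str]) -> list[str]:
    """Secret-looking files that the deny list does NOT cover, i.e. what an
    agent reading 'everything else' would still be handed."""
    return [f for f in files if is_secret(f) and not is_denied(f, deny_globs)]


if __name__ == "__main__":
    print("still readable with NAIVE_DENY:", readable_secrets(SAMPLE_FILES, NAIVE_DENY))
    print("still readable with SECRET_GLOBS:", readable_secrets(SAMPLE_FILES, SECRET_GLOBS))
```

Run it against a real tree by replacing `SAMPLE_FILES` with the output of `git ls-files`; anything the second call still reports is a file the agent can read until the deny list is widened.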
BLOG 2026-03-02

The MCP server supply chain question nobody is asking yet

MCP servers are npm packages with deep access to your environment. The supply chain risks aren't being treated as seriously as they should be.

Owner · 5 min #mcp #security
NEWS 2026-02-16

MCP spec 1.1 ships with stronger permissions and authentication

The Model Context Protocol gets a 1.1 spec adding granular permissions, OAuth flows, and signed packages, addressing real concerns about supply chain risk.

Owner · 3 min #mcp #security