Cordyceps flaw hijacks CI/CD, Ornith-1.0 rewrites code
Novee Security’s Cordyceps pattern shows that an unauthenticated GitHub account can hijack CI/CD workflows, exposing 300+ open‑source projects to supply‑chain compromise. The finding forces teams to treat pipeline YAML as code and audit who can trigger builds, what permissions they hold, and how secrets are exposed.
Ornith‑1.0 introduces a self‑improving training loop that builds its own task scaffolds before generating code, cutting the need for hand‑crafted harnesses. The open‑source models, from 9 B to 397 B parameters, hit state‑of‑the‑art scores on Terminal‑Bench and SWE‑Bench, rivaling Claude Opus. This could streamline CI pipelines by reducing prompt engineering and improving reliability.
Feature flag migrations don’t have to cause outages. Datadog’s guide shows how to run legacy and new flag systems in parallel, validate logic parity, freeze configurations, and cut over incrementally, turning a risky cutover into a controlled, reversible rollout.
Herdr is a lightweight (~10 MB) Rust terminal multiplexer that treats each AI coding agent as a real terminal pane. It shows blocked, working, or done status at a glance, persists sessions across disconnects, and runs anywhere via SSH, with no GUI and no telemetry.
Lightrun’s Runtime‑Aware PR Verifier attaches a production‑risk score to every pull request by simulating the change against live execution paths. Teams can now catch AI‑generated bugs or performance hits before code lands, cutting redeploy cycles and reducing exposure to hidden production failures.
LLM outputs drift silently, so deterministic pass/fail tests never flag regressions. The article proposes release gates that monitor eval drift, distribution shift, and cost/latency, turning CI/CD into behavior‑based checks. Applying these guards prevents silent failures like outdated recommendations reaching users.
The piece argues that AI agents inherit reliability from the surrounding infrastructure (checklists, redundancy, monitoring), not from the model alone. It draws on airline, hospital, and sales systems that embed safeguards, then shows how those same systemic guardrails are needed for trustworthy AI deployments.
Cloudflare is shifting from blocking AI crawlers to monetizing the AI‑driven web, introducing "Pay Per Use" models that pay publishers when their content fuels AI answers. By building routing, billing and attribution infrastructure, it aims to become the financial backbone of the emerging agentic economy, reshaping how sites earn from AI traffic.
OmniRoute bundles 237 AI providers, including 50+ free‑tier services, into a single local proxy, exposing one endpoint for Claude, GPT, Gemini, and more. Its token‑compression and auto‑fallback let developers tap up to 2.1 billion free tokens per month without juggling keys or rate limits, cutting API costs dramatically.
GitHub tackled over 20,000 secret‑scanning alerts across 15,000 repos, filtering out false positives and building cross‑team remediation playbooks. By prioritizing real risks and automating safe removal, they hit inbox zero in nine months, offering an actionable roadmap for any org wrestling with secret‑scan noise.