Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On May 11, 2026, the TanStack namespace was hit by a "Mini Shai-Hulud" supply chain attack. Unlike typical attacks, this did not involve stolen credentials; instead, the threat group TeamPCP hijacked the legitimate GitHub Actions release pipeline. This video covers the technical details of the OIDC token extraction, the "Dead Man's Switch" that triggers a rm -rf / upon credential revocation, and the mandatory remediation order you must follow to save your data. We also discuss how to harden your workflow using release-age cooldowns and OIDC pinning.

Are you confused by the terminology surrounding AI coding tools? You aren't alone. In this video, we break down the four essential components that transform a basic LLM into a powerful coding agent: Rules, Skills, Hooks, and the Model Context Protocol (MCP).

GPT-5.5 vs Claude Opus 4.7 - two flagship AI models dropped one week apart, and both claim to be the best at agentic coding. We put that to the test by giving each model the exact same prompt: build a production-ready, secure note-taking application from scratch. But we didn't stop at reviewing the code. We actually tried to break it by running real security tests against each app to see whether AI-generated code can be trusted with user data. The results were not what we expected.

Cursor just dropped Composer 2.0, claiming it rivals (and even beats) the industry’s leading frontier models like GPT-5.4 and Claude Opus 4.6. But do the benchmarks match reality?

In this video, we explore the growing security risk of prompt injection in large language model (LLM) applications. As AI becomes embedded in more products, new vulnerabilities emerge, especially through natural language manipulation. We break down how LLMs work, the importance of system prompts, and demonstrate five real-world prompt injection techniques used to extract sensitive information or bypass safeguards. You’ll see live examples using different models and learn why newer models are more resilient, but still not immune.

We pit GitHub Spark (in public preview) against Replit's AI agent. The challenge? Build a fully functional community forum for DIY tips from a single prompt. We compare design aesthetics, mobile responsiveness, login security, and deployment speed to see which tool creates a truly production-ready application. Which one do you think deserved the win? Let me know in the comments!

In the second match of our Vibe Coding Challenge series, we put two powerhouse AI platforms to the ultimate test: Vercel’s v0 and Base 44. We gave both platforms the exact same prompt: build a DIY Home Repair community forum.

Which AI tool is better for building a real app without writing code, Bolt or Lovable? In this video, I put both AI app builders head-to-head using the exact same prompt to create a DIY home repair forum. From database setup to authentication, UI design, publishing, and security checks, we compare how each platform performs in real time. The goal isn’t just to generate something that looks like an app, it’s to see whether these tools can actually create something usable, functional, and potentially production-ready. We evaluate.

Join Vandana and Rob in this insightful webinar exploring the rapidly evolving landscape of AI security. As we shift from simple query-response models to complex autonomous agents that can plan, execute code, and access sensitive APIs, the traditional security "locks" are no longer sufficient. This session dives deep into the OWASP AI Exchange, a community-driven initiative providing practical guidance and technical controls for securing AI systems.

When AI Hallucinates Security Patches.