‘Tokenmaxxing’ is making developers less productive than they think

GitClear, another company in this space, published a report in January that found AI tools increased productivity, but also ...
InfoQ

Anthropic Introduces Agent-Based Code Review for Claude Code

Anthropic has introduced a new Code Review feature for Claude Code, adding an agent-based pull request review system that ...

OpenAI ratchets up Codex’s agentic capabilities to rival Claude Code

The ChatGPT maker is engaged in a fierce battle for AI coding supremacy with its rival Anthropic PBC, and is widely perceived ...
The Next Web

Roblox gives its AI assistant the ability to plan, build, and test games on its own

Roblox upgrades its AI assistant with planning mode, procedural 3D models, and self-correcting agentic loops, plus MCP ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
TechCrunch

Anthropic launches code review tool to check flood of AI-generated code

When it comes to coding, peer feedback is crucial for catching bugs early, maintaining consistency across a codebase, and improving overall software quality. The rise of “vibe coding” — using AI tools ...
csis.org

AI-Driven Code Analysis: What Claude Code Security Can—and Can’t—Do

Q1: How does Claude Code Security function—and how does it differ from traditional static application security testing (SAST)? A1: Conventional rule-based static analysis uses pattern matching, ...
adtmag.com

Bellsoft Survey Finds Java Teams Struggle to Square Container Debugging Tools with Security Goals

Incidents are common, and the remediation window is the risk: 23% reported a container security incident, and delays between disclosure and patching can leave known exposures in production. Java ...
IEEE

Static Code Analysis of IEC 61131-3 Programs: Comprehensive Tool Support and Experiences from Large-Scale Industrial Application

Abstract: Static code analysis techniques examine programs without actually executing them. The main benefits lie in improving software quality by detecting problematic code constructs and potential ...
IEEE

Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection

Abstract: Modern software relies on a multitude of automated testing and quality assurance tools to prevent errors, bugs and potential vulnerabilities. This study sets out to provide a head-to-head, ...
InfoWorld

How pairing SAST with AI dramatically reduces false positives in code security

In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool. The promise of static application security testing (SAST) has always been the ...