AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design – Idan Plotnik, Raj Mallempati – ASW #377
Idan is a serial entrepreneur and product strategist, bringing to Apiiro nearly 20 years of experience in cybersecurity. Previously, Idan was Director of Engineering at Microsoft following the acquisition of Aorato where he served as the founder and CEO.
Raj Mallempati is CEO & Co-founder of BlueFlag Security. Prior to launching BlueFlag, he most recently served as COO CIEM at Microsoft, through Microsoft’s acquisition of his prior company CloudKnox Security (acquired 2021). Prior to joining CloudKnox, Raj was the Senior Vice President of Marketing at Malwarebytes. Raj has also held positions as the Vice President of Global Marketing at MobileIron, Vice President of Product Marketing at Riverbed Technology, and was the Director of Marketing and Business Strategy at VMware. He holds an MBA from The Wharton School, University of Pennsylvania, MS, Computer Science from the University of Texas, and a B.Tech from Indian Institute of Technology, Madras.
Mike Shema
- Anthropic’s AI Coding Tool Leaks Its Own Source Code For The Second Time In A Year
Risky Business has had a good collection of articles and comments about this.
The aftermath has been an ironic journey of DMCA takedowns and so-called clean room implementations of Claude Code's behavior. We'll be seeing more of this kind of clean room rewrite laundered through LLMs. There's precedent for the general concept of such rewrites, but this particular approach hasn't been legally tested. Plus, who knows what the license and copyright angles look like.
I mention these rewrites because it ties into a larger discussion we've had on the show about the impact of coding agents on software projects and whether we'll see an abandonment of frameworks in favor of everyone creating their own bespoke solutions from some combination of markdown, coding agents, and the millions of unacknowledged lines of code the models have been trained on.
- Post Mortem: axios npm supply chain compromise · Issue #10636
It's like the XZ Utils compromise, but now with AI.
- MAD Bugs: vim vs emacs vs Claude – Calif
Everyone's showing off the fun bugs they're finding with LLMs. Probably because it's cooler than showing off bugs found with a fuzzer. And surely because it's simpler to prompt an agent than it is to instrument a project with a fuzzer. But who knows if it's any cheaper.
There's also a SQL injection reported against Ghost by Nicolas Carlini as part of his Unprompted presentation. The problem was a classic string concatenation fixed by using a parameterized query. It's the type of bug that becomes more critical when there's a demonstrated exploit, as in this case, but it's also the type of bug that should have just been avoided by a stricter coding style that forbade string concatenation for queries in the first place.
- Introducing EmDash — the spiritual successor to WordPress that solves plugin security
We've mostly avoided covering any WordPress plugin vuln because they're ubiquitous and boring. The real problem, as this article notes, is how WordPress designed the plugin architecture.
This is a type of appsec future I'd prefer to see -- creating new software with better designs and defaults. Using agents and LLMs to find bugs is fun, but feels so ephemeral and too often distracts attention from secure design principles.
It might also hint at a future where everyone rewrites their own projects and frameworks. Who knows!
- Don’t trust, verify | daniel.haxx.se
This article is a good list of scenarios that demonstrate threat modeling and a good list of coding styles and solutions that improve security without being explicit security controls.
What if we got rid of "appsec" and just called it good software engineering?
- [FYI] Phrack 73 Call For Papers
Submissions due by June!











