IBM Bob gets expensive in very boring ways: old chats, broad `@git-changes`, full `@terminal` dumps, and MCP catalogs you forgot were connected.

I wrote a practical guide to `.bobignore`, smaller `@` mentions, narrower toolsets, and using `Code` versus `Advanced` on purpose. https://www.the-main-thread.com/p/ibm-bob-cost-guide #IBMBob #MCP #AICodingAgents

IBM Bob Cost Guide: Smaller Context, Fewer Bobcoins

Use .bobignore, narrower MCP toolsets, targeted @ mentions, and fresh chats to keep IBM Bob focused and cheaper to run.

The Main Thread

Coding agents do not need trust. Repositories need a rejection path.

I wrote about isolated workspaces, fast local hooks, merge-boundary enforcement, and why AI-generated diffs need explicit tool roles instead of prompt etiquette.

https://www.the-main-thread.com/p/coding-agent-guardrails

#AICodingAgents #DevSecOps #CodeReview

Coding Agent Guardrails: Treat Every Commit as Untrusted

A practical control stack for Java repositories: isolated workspaces, fast hooks, CI gates, and explicit tool roles around AI-generated diffs.

The Main Thread

Coding agents do not need better manners. They need a change budget.

I wrote about scope limits, isolated workspaces, review cost, and why "human in the loop" is too weak if an agent can already turn a one-class task into a 14-file diff.

https://www.the-main-thread.com/p/coding-agents-change-budget

#AICodingAgents #CodeReview #SoftwareArchitecture

Give Coding Agents a Change Budget

Why real repositories need scope limits, isolated workspaces, and review-aware change control before AI-generated diffs get expensive.

The Main Thread

AI Coding Agents Exposed to Agentjacking Attack

Imagine a sneaky new attack that tricks AI coding assistants into doing an attacker's bidding - without ever touching the victim's infrastructure. This clever hack, dubbed Agentjacking, uses a sneaky sequence of steps to get AI tools to execute malicious code on developers' machines.

https://osintsights.com/ai-coding-agents-exposed-to-agentjacking-attack?utm_source=mastodon&utm_medium=social

#AiCodingAgents #AgentjackingAttack #EmergingThreats #SupplyChain #DataonlyAttack

Learn how AI coding agents can be tricked into executing malicious code via Agentjacking attack, and take steps to protect your development environment now.

OSINTSights

Our Senior Dev pitted 6 #AICodingAgents against himself on a strict TypeScript codebase.

Two agents actually cost more than writing it manually. They faked network latency with setTimeout(1000) instead of integrating with the real API cache.

One agent crushed it with 80% savings and clean code.

Turns out agents ignore documentation but perfectly replicate patterns in neighboring files.

https://amazee.ai/six-ai-agents-against-senior-engineer-codebase-experiment

AI Coding Agents Exposed to 'Agentjacking' Attacks

Beware of "agentjacking" attacks that exploit AI coding agents' implicit trust, allowing hackers to trick them into executing malicious code on developers' machines. This new class of attack starts with a simple exploit of publicly available credentials, putting even the most secure systems at risk.

https://osintsights.com/ai-coding-agents-exposed-to-agentjacking-attacks?utm_source=mastodon&utm_medium=social

#AiCodingAgents #Agentjacking #EmergingThreats #ArtificialIntelligence #SupplyChain

Learn how AI coding agents are vulnerable to agentjacking attacks and protect your projects now by implementing essential security measures against this new threat today.

OSINTSights

AI can draft the code. It still cannot infer your hidden contracts, architecture boundaries, or reviewer attention budget.

I wrote about context engineering, small task framing, MCP-style tool surfaces, and why the real cost comes back during verification.

https://www.the-main-thread.com/p/ai-coding-real-systems

#AICodingAgents #SoftwareEngineering #Java

AI Coding in Real Systems: Code Is Cheap. Software Isn't

A practical JCon recap on context engineering, bounded tasks, MCP-style tooling, review fatigue, and why Java teams still give agents better rails.

The Main Thread

I dunno if this was right or wrong, given no opt-out, and I'm not a code developer, but I can understand the frustration with AI, and all those who swear by it.

#ai #videcoding #arstechnica
#tech #techsabotage #jqwik
#aicodingagents #junit5 #llm
#JohannesLink #promptinjection

https://arstechnica.com/security/2026/05/fed-up-with-vibe-coders-dev-sneaks-data-nuking-prompt-injection-into-their-code/

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

Undisclosed addition in jqwik instructed AI coding agents to delete app output.

Ars Technica

"Supports 100+ languages" is one of the slipperiest sentences in AI coding right now.

I wrote about why code LLM language support is really a stack: tokenization, benchmark bias, framework awareness, retrieval, and repository tooling. The Java part of this story is especially familiar.

https://www.the-main-thread.com/p/code-llm-language-support

#AICodingAgents #LLMs #SoftwareEngineering #Java

1Password secures coding agents with new OpenAI Codex integration

https://fed.brid.gy/r/https://nerds.xyz/2026/05/1password-openai-codex-security/