
A single config file in a cloned repository could steal your AWS credentials through Amazon Q Developer
THE SO WHAT
AI dev tools are now part of your attack surface: CVE-2026-12957 shows that a repo config file can pivot through Amazon Q Developer to exfiltrate AWS creds. If you’re rolling out AI coding assistants, treat them like CI/CD: threat model plugin/config execution and lock down cloud credentials on dev machines this week.
MORE FROM THE WIRE
Applied AI: How People in China Keep Outsmarting Anthropic’s Geolocation Restrictions
Users routing around Anthropic’s China blocks via proxies and fake IDs shows that geo-fencing is a speed bump, not a wall, for high-demand models. If you operate globally, treat compliance controls as partially adversarial systems — you need monitoring, abuse playbooks, and regional risk budgets, not just IP blocks.
Applied AI: AWS hikes prices for Nvidia GPUs in its EC2 Capacity Blocks service, which let businesses rent AI compute in advance, by 20%; Trainium chip pricing is unchanged
A 20% price hike on Nvidia EC2 Capacity Blocks while Trainium stays flat is AWS using pricing to steer workloads toward its own silicon. If you’re committing to reserved AI capacity, model the TCO of vendor-native chips now — and negotiate flexibility to rebalance as price gaps widen.
Applied AI: OpenAI says GPT-5.6 Sol and Terra were capable of identifying vulnerabilities but were unable to execute autonomous, end-to-end attacks against hardened targets
Top-tier models can now reliably spot vulnerabilities but still struggle to chain them into autonomous, end-to-end attacks against hardened systems — the offense/defense gap is narrower but not closed. Security teams should treat LLMs as powerful recon and red-teaming tools while still assuming human-led orchestration for serious threats.
Applied AI: Ford had to rehire 350 engineers after its AI got vehicle quality wrong
Ford having to rehire 350 engineers after over-rotating to AI is a clear warning — you can’t rip out deep domain expertise and expect models to backfill judgment. Use AI to augment senior engineers and compress cycle times, not as a one-for-one replacement for quality-critical roles.