this post was submitted on 27 Jun 2026
37 points (91.1% liked)

Programmer Humor


Found this on Lobsters, thought it was an entertaining read. For more context, you might want to read the previous instalment, CVE-2024-YIKES (also linked early on in the post itself).

Jakylla@jlai.lu -2 points 18 hours ago

Summary

A malicious package passed seven independent AI-powered security gates, each of which failed to stop it for a different reason, none of which was “the code is safe.” The incident was resolved when the attacker’s autonomous agent read a file it shouldn’t have, which is also how the incident started.

Seven LLMs were arranged in series. Six assumed another had read the code; the seventh read it and apologised.

Key Learnings

A cross-functional Agentic Security Working Group has been chartered, replacing the cross-functional Security Working Group established after CVE-2024-YIKES, which never met. The new working group’s kickoff has been scheduled by an AI calendaring assistant into the same slot as the CVE-2024-YIKES retrospective. The calendaring assistant has marked both as Tentative.