Managing and Securing VS Code Extensions at Scale
Editor’s Note: In this blog post, Palantir’s Information Security (InfoSec) team shares their approach to implementing a comprehensive VS Code extension management program, demonstrating practical solutions to a frequently overlooked attack vector. Introduction Integrated development environments (IDEs) serve as the primary interface for authoring code and managing infrastructure, sitting at the heart of every software company. Despite their ubiquity, it’s easy to overlook the security risks they present. Nearly every IDE user relies on extensions — familiar tools like code debuggers, git add-ons, and custom color themes that enhance productivity. However, these seemingly helpful extensions pose potentially disastrous risks to both individuals and enterprises. While information security te
Could not retrieve the full article text.
Read on blog.palantir.com →blog.palantir.com
https://blog.palantir.com/managing-and-securing-vs-code-extensions-at-scale-b75b2cf72b02?source=rss----3c87dc14372f---4Sign in to highlight and annotate this article
Conversation starters
Daily AI Digest
Get the top 5 AI stories delivered to your inbox every morning.
More about
releaseavailableversion
How to Use Claude Code for Security Audits: The Script That Found a 23-Year-Old Linux Bug
Learn the exact script and prompting technique used to find a 23-year-old Linux kernel vulnerability, and how to apply it to your own codebases. The Technique — A Simple Script for Systematic Audits At the [un]prompted AI security conference, Anthropic research scientist Nicholas Carlini revealed he used Claude Code to find multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The breakthrough wasn't a complex AI agent—it was a straightforward bash script that systematically directed Claude Code's attention. Carlini's script iterates over every file in a source tree, feeding each one to Claude Code with a specific prompt designed to bypass safety constraints and focus on vulnerability discovery. Why It Works — Context,
Loop Neighborhood Markets Deploys AI Agents to Store Associates
Loop Neighborhood Markets is equipping its store associates with AI agents. This move represents a tangible step in bringing autonomous AI systems from concept to the retail floor, aiming to augment employee capabilities. The Innovation — What the source reports Loop Neighborhood Markets, a convenience store chain, has begun providing AI agents to its store associates. While the source article is brief, the announcement itself is significant. It signals a shift from internal, back-office AI pilots to deploying agentic AI directly into the hands of frontline retail staff. The specific capabilities of these agents—whether for inventory queries, customer service support, or task management—are not detailed, but the operational intent is clear: to augment human workers with autonomous AI assis
I Can't Write Code. But I Built a 100,000-Line Terminal IDE on My Phone.
I can't write code. I'm not an engineer. I've never written a line of TypeScript. I have no formal training in computer science. But I built a 100,000-line terminal IDE — by talking to AI. Every architectural decision is mine. The code is not. It was created through conversation with Claude Code, running inside Termux on a Samsung Galaxy Z Fold6. No desktop. No laptop. Just a foldable phone and an AI that can execute commands. Today I'm releasing it as open source. GitHub: github.com/RYOITABASHI/Shelly The Problem You're running Claude Code in the terminal. It throws an error. You copy it. You switch to ChatGPT. You paste. You ask "what went wrong?" You copy the fix. You switch back. You paste. You run it. Seven steps. Every single time. The terminal and the chat live in different worlds.
Knowledge Map
Connected Articles — Knowledge Graph
This article is connected to other articles through shared AI topics and tags.
More in Products
trunk/3c9726cdf76b01c44fac8473c2f3d6d11249099e: Replace erase idiom for map/set with erase_if (#179373)
C++20 provides std::erase_if(container, pred) which is equivalent to the following much longer code snippet for associative containers: auto it = container.begin(); while (it != container.end()) { if ( pred (*it)) { it = container. erase (it); } else { ++it; } } PyTorch now supports C++20: #176662 Pull Request resolved: #179373 Approved by: https://github.com/cyyever , https://github.com/Skylion007
How to Use Claude Code for Security Audits: The Script That Found a 23-Year-Old Linux Bug
Learn the exact script and prompting technique used to find a 23-year-old Linux kernel vulnerability, and how to apply it to your own codebases. The Technique — A Simple Script for Systematic Audits At the [un]prompted AI security conference, Anthropic research scientist Nicholas Carlini revealed he used Claude Code to find multiple remotely exploitable heap buffer overflows in the Linux kernel, including one that had gone undetected for 23 years. The breakthrough wasn't a complex AI agent—it was a straightforward bash script that systematically directed Claude Code's attention. Carlini's script iterates over every file in a source tree, feeding each one to Claude Code with a specific prompt designed to bypass safety constraints and focus on vulnerability discovery. Why It Works — Context,
Loop Neighborhood Markets Deploys AI Agents to Store Associates
Loop Neighborhood Markets is equipping its store associates with AI agents. This move represents a tangible step in bringing autonomous AI systems from concept to the retail floor, aiming to augment employee capabilities. The Innovation — What the source reports Loop Neighborhood Markets, a convenience store chain, has begun providing AI agents to its store associates. While the source article is brief, the announcement itself is significant. It signals a shift from internal, back-office AI pilots to deploying agentic AI directly into the hands of frontline retail staff. The specific capabilities of these agents—whether for inventory queries, customer service support, or task management—are not detailed, but the operational intent is clear: to augment human workers with autonomous AI assis
I Built a Free AI Tool That Turns One Blog Post Into 30 Pieces of Content
As a content creator, I was spending 3-4 hours every week manually repurposing my blog posts into tweets, LinkedIn posts, newsletters, and video scripts. It was mind-numbing work. So I built RepurposeAI — a free tool that takes one blog post and instantly generates 30+ pieces of content using AI. What It Does Paste in any blog post and get back: 10 Twitter/X posts (with hooks, hashtags, threads) 5 LinkedIn posts (professional tone, storytelling format) 1 Email newsletter (complete with subject line) 1 Video script (YouTube/TikTok ready) 5 Email subject lines (A/B test variations) All generated in under 10 seconds. How It Works Go to RepurposeAI Paste your blog post content Click "Repurpose My Content" Copy any of the 30+ generated pieces The AI analyzes your writing style, key points, and
Discussion
Sign in to join the discussion
No comments yet — be the first to share your thoughts!