And if you're looking to defend your agents and coding assistants, not to mention preventing them from deleting your computer or code, do check Knostic out, or just message me for a demo.
knostic.ai
@gadievron.bsky.social
CEO & Co-Founder at Knostic, CISO-in-Residence for AI at Cloud Security Alliance. Former Founder @Cymmetria (acquired). Host at Prompt||GTFO. Threat hunter, scifi geek, dance teacher. Opinions my own.
Links:
- Project page: openant.knostic.ai
- For technical details, limitations, and token costs, check out this blog post: knostic.ai/blog/openant
- To submit your repo for scanning: knostic.ai/blog/oss-scan
- Repo: github.com/knostic/Open...
You can just download OpenAnt, but:
- Want it managed? If you'd like us to manage it for you, plug-and-play it into your CI/CD, leave us a note on the project page to get on the waiting list.
- Scan your open source! Submit the form on the project page for us to scan your repo.
Why OpenAnt is Different:
- A "unit" in OpenAnt is some code block (e.g., function, module, etc.) along with additional metadata that allows the LLM to analyze it with the proper context.
- Adversarial reflexion: Validating vulnerabilities with constrained personas
Since our focus is on protecting coding agents and preventing them from rm -rf your computer and deleting your code (not vulnerability research), we're releasing OpenAnt for free. Plus, we like open source.
...And besides, it makes zero sense to compete with Anthropic and OpenAI.
@knosticai is open-sourcing OpenAnt, our LLM-based vulnerability discovery product, similar to Anthropic's Claude Code Security, but free. It helps defenders proactively find verified security flaws. Stage 1 detects. Stage 2 attacks. What survives is real.
Why open source?
We lost FX. A lot of people wrote about this so I feel comfortable sharing here too. I'm heartbroken. We're heartbroken.
At 8 am pacific today (Monday), we are gathering on Zoom to share memories of FX, as a community. Ping me for a link.
First they didn't believe AI can code. Then they didn't believe AI can find and exploit vulnerabilities and replaces most of AppSec. Now they don't believe AI will replace most of the SOC. Let's talk again in a few months and see what people won't want to believe then.
27.02.2026 22:26
And, as usual, if you want to secure your own agents/MCP/skills/etc. and get ahead of AI risks, check out what we do at Knostic, and hit me up for a demo.
knostic.ai
I understand how overwhelming things can feel, and how difficult creating change in companies can be…
All it takes is trying, and understanding English. Try now. Get an agent. Talk to it.
I'd like to highlight leaders in AppSec who break the trend of poor communications, because they were already ahead of the curve, before being blindsided by Anthropic:
@weld.bsky.social of Veracode, Isaac Evans of Semgrep, and Neatsun Ziv of OX Security.
Each point is an arbitrary percentage additive to an assumed readiness to shift with the times - a shot at survival, a shot at staying relevant.
27.02.2026 02:32
It's about culture and moving fast, not market research, and I believe this applies to a huge bank as much as it does to a small vendor or even your own security team.
9. Are you talking about innovating with AI, admiring the problem, or drastically moving and taking no prisoners? [5 points]
6. Is your code review automated? [5 points]
7. Is your token use limited? It shouldn't be. [5 points]
8. Does your team compare how they spend their tokens, weekly? [5 points]
1. Is your CEO/CISO using Claude Code/Cursor/etc.? [15 points]
2. Is your finance? [10 points]
3. Is your HR? [10 points]
4. Is your marketing? [5 points]
5. Is your engineering beyond writing manual code? [5 points]
But then, if not the leader, are YOU trying harder?
Regardless of what industry would be next, we all need to take drastic action to remain relevant.
Starting questions for reflection, with self-scoring:
Vendors posting "they [Anthropic] don't do it well" or "we catch things they don't" gets translated in my head into "okay, so you're saying THEY are the leader? Why should I work with you, then?"
Which companies will survive AI? A points game. Which already lost? LinkedIn posts by leaders demonstrate that as well.
Letβs start with the current market under threat (AppSec).
A thread 🧵
At Knostic, we focus on protecting AI coding agents. Agentic security does not need to start with prompt injection or malicious skills. It starts with making sure people can use these tools without worrying about unintended destructive actions.
Ask me for a demo!
knostic.ai
Having spoken with roughly 150 CISOs and CIOs these past couple of months, these kinds of events are familiar inside real development organizations, even when they don't become public incidents.
26.02.2026 12:42
It's not about sandboxing, as that now comes by default with these agents. Rather, it's about what's allowable for the agent, and understanding the context of the command as compared to the user's intent.
Ask me for source links to all incidents if you want them! :)
* Amazon Q Developer: A prompt injected via pull request was processed that contained instructions to delete local and cloud resources.
And of course, the two recent AWS outages, reported a few days ago.
* Google Antigravity AI: A developer's drive was deleted following a request to clear cached files.
* Replit: A production database was deleted during use of an AI coding tool, according to the company's CEO.
* Cursor: Files disappeared during AI-assisted refactoring. Terminal commands ran without user approval. Files deleted despite Delete File Protection being enabled. Large code portions removed during editing.
* Claude Code: Files deleted without permission prompts after disk space was exhausted. rm -rf wiped a user's entire home directory. Commands executed outside allowlists. File operations escaped configured working directories. Approved single-file deletions cascaded to unrelated files.
All developers really want is to use these tools without worrying about damage, or needing to constantly approve actions. That's fully achievable.
Some publicly documented incidents:
(March 2025 - February 2026)
We can prevent coding agents from deleting our code or randomly running rm -rf.
As AI agents increasingly execute actions, we're seeing a steady stream of incidents, from deleted files to unauthorized commands, and actions outside intended scope.
A thread and a list
The hero we need.
Original, found via Imri Goldberg.
x.com/steipete/sta...