Digest #211: AWS DevOps Agent, AI Cloud Attacks and Security Skills for AI Agents
LMDeploy CVE exploited in 12 hours, autonomous AI cloud attacks, GitHub Actions threat model, and 7 open source tools for DevOps and security teams.
Sysdig documented how the LMDeploy advisory for CVE-2026-33626 turned into a working SSRF exploit within 12.5 hours of publication, with attackers probing for AWS IMDS credentials, Redis, and MySQL endpoints. Palo Alto’s Unit 42 took it further, publishing findings from building an autonomous AI agent that attacks cloud infrastructure on its own. Wiz published a detailed GitHub Actions threat model, and Synthesia shared what actually moved the needle when scaling vulnerability management with AI.
On the tutorial side, we cover migrating from Ingress NGINX to Traefik or Gateway API without the usual pain, building eBPF-based bandwidth limiting in the AWS Network Policy Agent, deploying Docker apps to Linux with K3s, and using Claude Code for DevSecOps on AWS. Plus: automating incident investigation with the AWS DevOps Agent.
This week’s open source picks include clawsec, a security suite that protects AI agents from prompt injection; pmg, a Go-based package manager guard that blocks malicious npm, pip, and yarn packages before they run; pgweb, a zero-dependency Postgres web UI that ships as a single Go binary; and GreenKube, a Python tool for tracking and reducing the carbon footprint of Kubernetes clusters.
Your AI agent can’t see the web. Fix that in 30 seconds.
Bright Data CLI gives coding agents (Claude Code, Cursor, Copilot) real-time web scraping, search, and structured data extraction from 40+ platforms, directly from the terminal. One command. No MCP overhead. No schema bloat. 10-32x cheaper than MCP for equivalent tasks. Check out the GitHub repo.
Newsworthy stories
Tutorials of the week
Migrate from Ingress NGINX to Traefik or Gateway API in minutes, not days
A framework for securely collecting forensic artifacts into S3 buckets
Building eBPF-based bandwidth limiting in AWS Network Policy Agent
How attackers exploited LMDeploy LLM inference engines in 12 hours
Videos of the week
Projects of the week
clawsec is a security skill suite for AI agents that defends against prompt injection and provides dedicated protection modules for OpenClaw, NanoClaw, and Hermes.
xata is a cloud-native platform for self-hosting Postgres on Kubernetes with copy-on-write branching (copy TBs in seconds).
clauditor is a security scanner that audits Claude Code configuration across user, project, local, and managed scopes with 50+ built-in checks, severity ratings, and a hardened settings generator for CI/CD pipelines.
pmg is a Go-based package manager guard that intercepts npm, pip, yarn, pnpm, bun, and uv installations to block malicious packages using real-time threat intelligence.
ml-intern is an autonomous ML engineer agent that reads papers, trains models, and ships through a 300-iteration agentic loop.
pgweb is a web UI for PostgreSQL that ships as a single binary with no dependencies, supporting SSH tunnels, multiple concurrent sessions, and data export.
GreenKube is a tool for monitoring and reducing the carbon footprint of Kubernetes clusters.
Meme of the week
If you have feedback to share or are interested in sponsoring this newsletter, feel free to reach out via LinkedIn or simply reply to this email.