Critical

High-severity "Action Needed" alerts.

FlowWise

There's an Active Exploit in Flowise Right Now — Update Before Your Next Agent Run

Apr 9, 2026

•

3 min read

There's an Active Exploit in Flowise Right Now — Update Before Your Next Agent Run

CVE-2025-59528 is a perfect-10 severity code injection flaw being actively exploited. The patch has been out for six months. Most instances are still exposed.

Trish T.

MCP

The Infrastructure Connecting Your AI Agents to Everything Has a Security Debt Problem

Apr 7, 2026

•

6 min read

The Infrastructure Connecting Your AI Agents to Everything Has a Security Debt Problem

97 million installs. Optional authentication. And the bill is starting to arrive.

Trish T.

Pricing & Billing

Replicate Now Charges You for Failed API Calls — And Disputing That Just Got Harder

Apr 3, 2026

•

4 min read

Replicate Now Charges You for Failed API Calls — And Disputing That Just Got Harder

A quiet update to Replicate's API terms adds billing rules that most developers won't notice until something goes wrong.

Trish T.

Agents

Shadow AI Is Already Running in Your Company

Mar 24, 2026

•

6 min read

Shadow AI Is Already Running in Your Company

88% of organizations have had an AI agent security incident. Most of them didn't approve the agent that caused it.

Trish T.

OpenAI

Mar 3, 2026

•

3 min read

The Great AI Exodus: Why Developers Are Leaving OpenAI for Claude

Anthropic said no to the Pentagon. OpenAI said yes. And the market is voting with its downloads.

Trish T.

Privacy

The AI Stack Just Got Political: What Anthropic's Government Blacklisting Means for Your Business

Mar 2, 2026

•

9 min read

The AI Stack Just Got Political: What Anthropic's Government Blacklisting Means for Your Business

On Friday afternoon, while most of us were wrapping up the week, something unprecedented happened in the AI industry.

Trish T.

Privacy

PayPal Exposed SSNs for 6 Months (But Don't Panic Yet)

Feb 20, 2026

•

3 min read

PayPal Exposed SSNs for 6 Months (But Don't Panic Yet)

A code error in PayPal's Working Capital loan app exposed personal information (names, emails, phone numbers, SSNs, dates of birth) from July 1 to December 13, 2025.

Trish T.

Critical

Feb 20, 2026

•

3 min read

The Crustacean in the Machine

Cline got hit with supply chain attack. The vehicle... OpenClaw.

Trish T.

Anthropic

Feb 19, 2026

•

7 min read

The Anthropic Crackdown: What Actually Happened and Why It Matters to You

Your vendor policy digest. 5 minutes. No legalese

Trish T.

compliance

Feb 19, 2026

•

4 min read

Vercel Wants Your Tax Money.

Vercel's coming for your VAT, AI agents get their own TOS and a side project idea.

Trish T.

Privacy

TL;DR - The One Where Google Quietly Moved the Goalposts

Feb 18, 2026

•

4 min read

TL;DR - The One Where Google Quietly Moved the Goalposts

We scanned the internet’s fine print so you didn't have to. Here is the drift that matters. Your weekly vendor policy digest. 5 minutes. No legalese.

Trish T.

Critical

There's an Active Exploit in Flowise Right Now — Update Before Your Next Agent Run

The Infrastructure Connecting Your AI Agents to Everything Has a Security Debt Problem

Replicate Now Charges You for Failed API Calls — And Disputing That Just Got Harder

Shadow AI Is Already Running in Your Company

The Great AI Exodus: Why Developers Are Leaving OpenAI for Claude

The AI Stack Just Got Political: What Anthropic's Government Blacklisting Means for Your Business

PayPal Exposed SSNs for 6 Months (But Don't Panic Yet)

The Crustacean in the Machine

The Anthropic Crackdown: What Actually Happened and Why It Matters to You

Vercel Wants Your Tax Money.

TL;DR - The One Where Google Quietly Moved the Goalposts

STAY CONNECTED