Agent-Security on Napat's Inverse Blog /tags/agent-security/ Recent content in Agent-Security on Napat's Inverse Blog Hugo en-us Tue, 31 Mar 2026 20:30:00 +0700 Inside the Machine: What a Leaked Agentic Code Tool Reveals About AI Security /ai-analysis/inside-the-machine-what-agentic-code-tool-source-reveals-about-ai-security/ Tue, 31 Mar 2026 20:30:00 +0700 /ai-analysis/inside-the-machine-what-agentic-code-tool-source-reveals-about-ai-security/ <p>In March 2026, someone extracted the complete source code of Claude Code from an npm package and published it to GitHub. No modifications. No commentary. Excluding generated code, lock files, and test fixtures — roughly 512,000 lines of TypeScript, dumped into a repository with a single commit.</p> <p>How this happened is itself a security lesson. Anthropic published version 2.1.88 of their npm package with a production source map file — <code>cli.js.map</code>, weighing in at 59.8 MB — that contained the original TypeScript source, comments and all. A misconfigured <code>.npmignore</code> or a build pipeline that skipped artifact scanning, depending on who you ask. The file was there for anyone to extract. Security researcher Chaofan Shou was the first to notice.</p> The Agent Security Gap /2026-03-30-the-agent-security-gap/ Mon, 30 Mar 2026 10:05:00 +0700 /2026-03-30-the-agent-security-gap/ <h2 id="why-adversarial-prompt-engineering-is-not-the-problem--and-what-actually-is">Why adversarial prompt engineering is not the problem — and what actually is</h2> <p>In early 2023, a group of researchers demonstrated something that made security people uncomfortable and product people dismissive.</p> <p>They showed that a language model could be instructed to do things its creators never intended, not by the person using it, but by content it was asked to process.</p> <p>The paper was called &ldquo;Not what you&rsquo;ve signed up for.&rdquo; The attack was called indirect prompt injection.</p> <p>Three years later, the industry still has not fully absorbed the lesson.</p> <hr> <h2 id="the-fixation-on-prompt-injection">The fixation on prompt injection</h2> <p>If you follow AI security discourse, you would think prompt injection is the central problem. It dominates conference talks. It tops the OWASP list. It generates endless proof-of-concept videos.</p> <p>And it should get attention. It is a real vulnerability.</p> <p>But the fixation on prompt injection obscures a more important truth: prompt injection is a symptom, not the disease.</p>