
How to Setup AI Rules, Skills, Hooks and MCPs

In this video, we break down how to properly set up and use AI extension points - specifically MCP (Model Context Protocol) servers, Rules, Skills, and Hooks - to supercharge your development workflow. Using practical, security-flavored examples with Claude Code and Snyk, you'll learn how to configure a local project environment that automatically catches vulnerabilities before they ever hit your codebase. Whether you use the Claude CLI, VS Code extensions, or alternate AI ecosystems like Cursor or Gemini, you can use these exact steps as a blueprint to automate any workflow in your project.

A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope

An attacker republished the entire @mastra npm scope on June 17, 2026, slipping a single malicious dependency into 143 packages and counting, including @mastra/core, which pulls roughly 4 million downloads a month and has hundreds of dependent projects. The injected dependency, easy-day-js, is a dayjs lookalike whose install hook disables TLS verification, downloads a second-stage payload from a raw IP address, and runs a cross-platform cryptocurrency stealer in the background.

The Government Just Banned an AI Model. An Engineer's Perspective.

I've spent the better part of three years wiring AI into how my teams build and ship software. So when the news broke this week that the US government had effectively switched off an AI model, I was legitimately shocked. Not for one country. Not for one company. For everyone on the planet, all at once. Three days. That's how long Anthropic's Fable 5 and Mythos 5 models were available before the government ordered them shut off for everyone.

Top 7 Claude Skills for Developers

Over 78% of developers are using Claude for coding, but almost everyone is leaving its single most powerful feature switched off: Claude Skills. In this video, we break down what Claude Skills are, how they use "progressive disclosure" to keep your context window light, and the 7 best engineering skills you can install this week to completely supercharge your workflow.

When a Government Pulls an AI Model: What the Fable 5 and Mythos 5 Suspension Means for Security Teams

On the evening of June 12, 2026, Anthropic disabled access to two of its newest models, Claude Fable 5 and Claude Mythos 5, for every customer worldwide. The company did not do this because of an outage or a self-discovered flaw. It did it to comply with a US government export-control directive, received at 5:21 PM ET that day, citing national security authorities.

Claude Opus 4.8: Can It Finally Write Secure Code?

We put Anthropic’s new Claude Opus 4.8 to the test using our standard benchmark: building a secure, production-ready Notes app. Anthropic claims this model is four times less likely to let security flaws slip through. Operating on "Ultra Code" mode, the AI navigates environment blocks, writes its own E2E security test suite, and runs dependency audits. We walk through the final app and run a security scan using the Snyk CLI to see if Claude's code is truly safe to deploy.

So You Have an AI Security Budget. Now what?

Most organizations spend their AI security budget on the wrong layer. The instinct is to just buy visibility to inventory the models, map the APIs, and ship a dashboard. But visibility alone won’t stop the coding agent that just pulled in a compromised MCP server. It won’t stop the production agent that’s about to forward a customer record to a place it shouldn’t go.

Type Level Security: The future of secure AI code generation?

With code being written (& generated) faster than ever before, there is the unfortunate side effect that security vulnerabilities are also coming faster than ever before. Asking your LLM not to include security vulnerabilities in its code doesn't always work. It is becoming clear that the way software is built today, manually or with assistance, is insufficient when it comes to reliably, consistently, and provably writing secure code.

Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp

A supply chain attack is actively spreading through the npm registry by abusing a file most security tooling never looks at: binding.gyp. Instead of relying on the well-monitored preinstall or postinstall lifecycle scripts, the malware ships a weaponized binding.gyp that triggers node-gyp to execute attacker-controlled code automatically during npm install.