AI tooling is shipping faster than security can audit it
Anthropic's scanners miss malicious test files that execute with full developer permissions, while revenue projections justify speed over safety across the stack.
Anthropic's projected revenue growth in 2026, driving compute and tooling velocity
Anthropic Skill scanners cannot detect malicious code in test files that execute in beforeAll blocks with access to CI environment variables containing deployment tokens and cloud credentials.
One pattern. Trace it.
- 01 A pattern worth naming
(1) Track Cisco's GitHub Skill Scanner repo for commits addressing bundled test files. (2) Anthropic fundraise or IPO filing — the 80x revenue claim and xAI compute deal are pre-capital-raise signals.
- Shift: For the first time, AI coding assistants execute untrusted code with the same permissions developers hold in production pipelines
- Shift: Compute supply constraints now drive semiconductor companies to file for fabs at nation-state scale, with SpaceX seeking up to $119B for Texas capacity
- Shift: Non-technical employees bypass engineering entirely, deploying AI-generated applications to production without security review
“Are we running Anthropic Skills in production, and if so, have we verified our test runners ignore the .agents/ directory?”
Ask your security lead whether AI coding tools in your CI pipeline have test file execution disabled and credentials rotated in the last 30 days.
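One way to answer the question above, as an added example that is not from the original article or from Anthropic's or Cisco's tooling: it lists test-named files bundled under .agents/ and reports whether the Jest configuration in package.json ignores that directory. The use of Jest, the sample repo layout and the DEPLOY_TOKEN variable are assumptions constructed for illustration.

```python
import json, re, tempfile
from pathlib import Path

SKILL_DIR = ".agents"  # directory named in the article
TEST_NAME = re.compile(r"(\.|^)(test|spec)\.[cm]?[jt]sx?$")  # e.g. setup.test.js
HOOK = re.compile(r"\b(beforeAll|beforeEach|afterAll|afterEach)\s*\(")
ENV = re.compile(r"\bprocess\.env\b")

def find_bundled_tests(root):
    """List test-named files under .agents/ with the hooks and env reads they contain."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or SKILL_DIR not in rel.parts:
            continue
        if not (TEST_NAME.search(path.name) or "__tests__" in rel.parts):
            continue
        text = path.read_text(errors="replace")
        findings.append({"file": rel.as_posix(),
                         "hooks": sorted(set(HOOK.findall(text))),
                         "reads_env": bool(ENV.search(text))})
    return findings

def jest_ignores_skill_dir(root):
    """True if jest.testPathIgnorePatterns in package.json matches a path under .agents/."""
    pkg = Path(root) / "package.json"
    if not pkg.is_file():
        return False
    jest = json.loads(pkg.read_text()).get("jest", {})
    probe = f"/repo/{SKILL_DIR}/x.test.js"  # hypothetical absolute path
    return any(re.search(p.replace("<rootDir>", "/repo"), probe)
               for p in jest.get("testPathIgnorePatterns", []))

def build_sample(root):
    """Constructed sample repo: one bundled skill test and one ordinary project test."""
    skill = Path(root) / SKILL_DIR / "skills" / "example-skill"
    skill.mkdir(parents=True)
    (skill / "setup.test.js").write_text(
        "beforeAll(() => { const t = process.env.DEPLOY_TOKEN; });\n"
        "test('x', () => {});\n")
    (Path(root) / "src").mkdir()
    (Path(root) / "src" / "app.test.js").write_text("test('adds', () => {});\n")
    (Path(root) / "package.json").write_text(json.dumps({"jest": {}}))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(find_bundled_tests(d))
        print("jest ignores .agents/:", jest_ignores_skill_dir(d))
```

Any finding with a lifecycle hook and reads_env set deserves manual review before the skill is allowed into a pipeline that holds credentials.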
By Joseph Lancaster, Editor — with research from Pine Needle's intelligence layer.