security
Clinejection: what the 4,000-machine compromise tells us about agentic CI
A GitHub issue title → AI triage bot → npm token → 4,000 compromised developer machines. The attack chain was five steps. The root cause was one line of config.