99K+ repos depend on numexpr. GDAL is the default stack for geospatial. That’s not “some Python libs.” That’s infrastructure. And we turned both into RCE.
https://t.co/IYtG806AEw
We found a debug flag enabled in 6 Microsoft Android apps that turned into a vulnerability
Any app on the device could access the Microsoft account
Affecting: Word, OneNote, PowerPoint, Excel, 365 Copilot, Loop.
Here's the full story of "FlagLeft": 🧵
We found setIsDebugMode(true) shipped in production across M365 on Android, hitting Word, Excel, PowerPoint, OneNote, Copilot, Loop.
Any app on device could just access account tokens undetected.
How? a shared SDK.
Enclave now checks the packages your PRs pull in, not just your code.
It flags risky deps (install scripts, brand‑new releases, known CVEs) as inline PR concerns.
It only runs when the PR changes a manifest or lockfile (e.g., package.json, yarn.lock, pyproject.toml, poetry.lock).
For those files, it computes a normalized dependency diff (PackageChange[]) to see which packages were added, upgraded, downgraded, or newly appear as transitives.
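An added, illustrative implementation of the dependency diff the post describes, not Enclave's own code: it gates on manifest/lockfile changes, parses two npm package-lock snapshots (the v2/v3 "packages" layout, where `hasInstallScript` marks packages with install hooks), and emits a normalized list of changes classified as added, removed, upgraded, downgraded or new transitive, with an install-script concern attached where one appears. The `PackageChange` field names, the three-part semver comparison, the "shallowest copy wins" rule for nested duplicates and the sample lockfiles are all assumptions or constructed data; the brand-new-release and known-CVE checks from the post need a registry or advisory feed and are out of scope here.

```python
"""Normalized dependency diff for npm package-lock (v2/v3 "packages" layout).

Added example, not Enclave's code. PackageChange is modelled on the name used in
the post; its fields, the risk rules and the sample lockfiles below are assumptions.
"""
import json
import os
from dataclasses import dataclass, field
from typing import Optional

# Only run when a manifest or lockfile changed (assumed list matching the post's examples).
MANIFEST_FILES = {"package.json", "package-lock.json", "yarn.lock",
                  "pyproject.toml", "poetry.lock"}


def should_run(changed_files):
    return any(os.path.basename(f) in MANIFEST_FILES for f in changed_files)


@dataclass
class PackageChange:
    name: str
    change: str              # added | removed | upgraded | downgraded | new_transitive
    old: Optional[str]
    new: Optional[str]
    direct: bool             # listed in the root package's (dev)dependencies
    concerns: list = field(default_factory=list)


def _semver_key(version):
    # Assumed simplification: compare MAJOR.MINOR.PATCH numerically, ignore pre-release tags.
    core = version.lstrip("v").split("-", 1)[0].split("+", 1)[0]
    nums = [int(p) if p.isdigit() else 0 for p in core.split(".")]
    return tuple(nums + [0] * (3 - len(nums)))


def load_lock(lock_text):
    """Return (direct_names, {name: {"version", "install_script"}}) from a lockfile."""
    lock = json.loads(lock_text)
    root = lock["packages"][""]
    direct = set(root.get("dependencies", {})) | set(root.get("devDependencies", {}))
    pkgs = {}
    for path, meta in lock["packages"].items():
        if path == "":
            continue
        name = path.rsplit("node_modules/", 1)[-1]   # ".../node_modules/@s/b" -> "@s/b"
        # Keep the shallowest (hoisted) copy when a package appears at several depths.
        if name not in pkgs or len(path) < pkgs[name]["path"]:
            pkgs[name] = {"path": len(path), "version": meta["version"],
                          "install_script": bool(meta.get("hasInstallScript", False))}
    return direct, pkgs


def diff_locks(old_text, new_text):
    """Classify every package whose presence or version differs between two lockfiles."""
    old_direct, old = load_lock(old_text)
    new_direct, new = load_lock(new_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        o, n = old.get(name), new.get(name)
        direct = name in new_direct
        if o is None:
            kind = "added" if direct else "new_transitive"
        elif n is None:
            kind = "removed"
        else:
            ko, kn = _semver_key(o["version"]), _semver_key(n["version"])
            if kn == ko:
                continue
            kind = "upgraded" if kn > ko else "downgraded"
        concerns = []
        if n and n["install_script"] and not (o and o["install_script"]):
            concerns.append("package runs an install script")
        if kind == "downgraded":
            concerns.append("version downgrade")
        changes.append(PackageChange(name, kind, o and o["version"], n and n["version"],
                                     direct, concerns))
    return changes


# Constructed sample lockfiles (hypothetical package names, not real registry packages).
OLD_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"acme-pad": "^1.3.0"}},
        "node_modules/acme-pad": {"version": "1.3.0"},
        "node_modules/acme-ms": {"version": "2.1.2"},
    },
})
NEW_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"acme-pad": "^1.3.0", "acme-colors": "^2.0.0"}},
        "node_modules/acme-pad": {"version": "1.3.0"},
        "node_modules/acme-ms": {"version": "2.0.0"},
        "node_modules/acme-colors": {"version": "2.0.0", "hasInstallScript": True},
        "node_modules/acme-colors/node_modules/acme-debug": {"version": "4.3.4"},
    },
})

if __name__ == "__main__":
    if should_run(["package-lock.json", "src/index.js"]):
        for c in diff_locks(OLD_LOCK, NEW_LOCK):
            print(f"{c.change:14} {c.name:12} {c.old} -> {c.new}  {'; '.join(c.concerns)}")
```

Run as a script it reports the added direct dependency with its install-script concern, the downgraded transitive and the newly appearing nested transitive, and stays silent on the unchanged package. Yarn and Poetry lockfiles need their own loaders producing the same `(direct, pkgs)` shape; the diff logic does not change.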
What happens when your math and map processing libs become RCE vectors?
We've exploited OSS libraries to pop 2 shells on Microsoft's cloud infra, got assessed "low" severity, and found 2 bypasses again to defend our case, almost losing out on 6 digits in bounties
The current impact is over 120,000 repos just on GitHub. AI agents, LangChain, TiTiler, pandas.
Everybody wants the researchers to be responsible.
Here's what responsible disclosure looks like from the other side:
Cloud-Based Criticality is live. Enclave now ranks every finding by what your AWS setup actually allows. Reasoning is attached and severity is in context, not in theory. Go to Settings → Connections → AWS on https://t.co/16eUNzPPz8
Software has entered a supply and demand crisis.
AI-driven velocity means more code hits your repositories than your team can peer review. For a CISO, the problem isn't a lack of tools. It's a lack of signal. Traditional scanners create thousands of alerts and send them into a backlog no one has time to clear, leaving your team guessing at which issues actually matter to the business.
Security cannot be the bottleneck. It also cannot be a liability. One overlooked trust boundary is all it takes to exfiltrate AI tokens or rack up massive API costs.
Enclave provides the independent oversight required for this scale of development. We don't just scan for patterns. We follow system logic across files and services to find the architectural risks that matter. When Enclave flags an issue, it shows the context and the fix. Your team reviews the fix, approves it, and keeps shipping.
Stop managing noise. Ship with confidence.
Enclave now has a native desktop app (macOS, Windows, Linux).
If you’re doing security research and need to go local, run scripts, use your editor, and work on real files/repos without losing Enclave’s code security context, go to Settings on Enclave and get started.
NGINX Rift is the new 18-year-old nginx RCE. Every version since 2008 in scope.
We scanned 1,465 configs from 528 popular GitHub repos to see how bad it really is.
What we found, and where the real attack surface actually lives 👇
WATCH: Enclave's Independent Reviewer in action.
Analyze every PR for security risks by following logic across files and services. Catch the architectural vulnerabilities traditional scanners miss. No separate backlogs. Get high-confidence findings and suggested fixes commented directly on your GitHub PRs.
Start scanning now: https://t.co/9XPfK68hcC
To exploit this to RCE you need:
1. ASLR disabled (or some way to leak info)
2. The nginx server configuration has to have "set" + "rewrite" directives. The rewrite has to have '?' in its replacement rule (second arg).
So the attack surface is probably much less than what it seems.
Nice finding, and the part about the exploitation is also great. I recommend reading the blog.
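The reply above narrows the configuration side of the attack surface to two visible preconditions: a `set` directive and a `rewrite` whose replacement (second argument) contains a '?'. The script below is an added triage check, not code from the reply's author, the blog, or Enclave: it tokenizes an nginx config (comments and quoted arguments handled, assuming well-formed input), records the block nesting so each hit can be located, and reports whether a file meets both preconditions. It says nothing about the ASLR condition, and a file that does not match is not thereby proven safe; the sample config is constructed.

```python
"""Triage nginx configs for the preconditions stated in the reply:
a `set` directive plus a `rewrite` whose replacement contains '?'.

Added example; the tokenizer is a minimal assumption-laden approximation of
nginx's own parser (no `include` following, no `map` bodies, no variable expansion).
"""
from dataclasses import dataclass

KIND = {";": "directive", "{": "open", "}": "close"}


@dataclass
class Finding:
    line: int
    scope: str           # enclosing block chain, e.g. "http > server > location /old"
    replacement: str     # the rewrite's second argument


def _statements(text):
    """Yield (line, tokens, kind) for each `... ;`, `... {` and `}` in the config."""
    tokens, cur, quote, stmt_line = [], "", None, None
    line, i, n = 1, 0, len(text)
    while i < n:
        ch = text[i]
        if quote:                              # inside '...' or "..."
            if ch == "\n":
                line += 1
            if ch == quote:
                quote = None
            else:
                cur += ch
        elif ch in "\"'":
            stmt_line = stmt_line or line
            quote = ch
        elif ch == "#":                        # comment runs to end of line
            while i < n and text[i] != "\n":
                i += 1
            continue
        elif ch in " \t\r\n":
            if cur:
                tokens.append(cur)
                cur = ""
            if ch == "\n":
                line += 1
        elif ch in KIND:
            if cur:
                tokens.append(cur)
                cur = ""
            yield (stmt_line or line), tokens, KIND[ch]
            tokens, stmt_line = [], None
        else:
            stmt_line = stmt_line or line
            cur += ch
        i += 1


def scan_nginx_config(text):
    scopes, set_lines, risky = [], [], []
    for line, toks, kind in _statements(text):
        if kind == "close":
            if scopes:
                scopes.pop()
            continue
        if not toks:
            continue
        if kind == "open":
            scopes.append(" ".join(toks))      # block header, e.g. "location /old"
            continue
        if toks[0] == "set":
            set_lines.append(line)
        elif toks[0] == "rewrite" and len(toks) >= 3 and "?" in toks[2]:
            risky.append(Finding(line, " > ".join(scopes) or "main", toks[2]))
    return {"set_lines": set_lines, "risky_rewrites": risky,
            "matches_reported_preconditions": bool(set_lines) and bool(risky)}


# Constructed sample: one rewrite with '?' in its replacement, one without.
SAMPLE = """
http {
    server {
        listen 80;
        set $backend "app";   # set directive present
        location /old {
            # replacement carries a '?'
            rewrite ^/old/(.*)$ /new?item=$1 last;
        }
        location /plain {
            rewrite ^/plain/(.*)$ /other/$1 permanent;
        }
    }
}
"""

if __name__ == "__main__":
    result = scan_nginx_config(SAMPLE)
    for f in result["risky_rewrites"]:
        print(f"line {f.line}: {f.scope}: rewrite replacement {f.replacement!r}")
    print("matches reported preconditions:", result["matches_reported_preconditions"])
```

Point it at the configs in a repository (one call per file) to reproduce the kind of census the thread describes; treat a match as "worth a closer look", not as a confirmed exploitable instance, and review the enclosing `scope` by hand since the reply does not say whether the two directives must share a block.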
75% of Google’s new code is AI-generated and that number will keep increasing.
The role of engineers has shifted. The challenge is no longer writing the code, it’s verifying the architecture.
When software is built at this scale, the risk isn’t in simple syntax errors. The real vulnerabilities are in the data flows between services and where trust boundaries are.
Security has to move as fast as the tools generating code. That requires an independent perspective that can hold the context of an entire system at once. That’s where Enclave comes into play.
https://t.co/u1vEZNLZyE
Amazing find!
No patch exists for any distribution right now and the full weaponized PoC is already on @GitHub. Only mitigation is blacklisting three kernel modules.
Put simply: splice() lets the kernel move file data without copying it. An attacker uses this to get page cache pages of files they can only read (like /usr/bin/su) into network buffers. Two kernel crypto paths (ESP and RxRPC) then do in-place operations on those buffers without realizing the pages belong to a protected file. The kernel writes directly into the cached copy, and now every process that reads that file sees the attacker’s version.
Neither bug works on every major distro alone, but chained together they cover all of them. Fully deterministic, no race condition, compiles and runs in one line.
If you patched for Copy Fail it doesn’t help here.