🐧 𝔧𝛒⊻⨎∣ℇ⊺⊂ℌ 🐧

AI agents are already running inside your enterprise. Is your security keeping up? Today at Zenith Live 2026, we introduced the industry's first complete Zero Trust platform for Agentic AI — built to secure how agents connect, access data, and run on devices. See what's new. 👉 https://t.co/CTDv3uEm4P #ZenithLive2026 #ZeroTrust #AISecurity #Zscaler

I found a GitHub repo that gives Claude Code the ability to fully reverse engineer any Android app. It decompiles the APK, reads the source, and maps every single API call the app makes to its server. The wildest part is how it handles obfuscated builds. Most reverse engineering workflows fall apart the second ProGuard or R8 mangles the class names. This plugin has a dedicated strategy layer for navigating obfuscated output and still tracing the real call flow underneath. What you get out of it: → Full decompiled source from APK, XAPK, JAR, or AAR → Documented Retrofit and OkHttp endpoints ready to reproduce → Auth patterns: headers, bearer tokens, API keys → Call flow traces from the UI layer to the actual HTTP request → Auto dependency installer that detects your OS and grabs what's missing Works inside Claude Code with a slash command or plain English. No manual setup. No reading jadx docs. Just point it at the APK. 100% Open Source. Apache 2.0 License. Repo: https://t.co/aFxm1fldLX

What is potentially concerning in this story? First, the reverse engineering of the permissions system. The code reveals in exact detail how the security model of Claude Code works, including the “Bypass Permissions Mode” and the approval logic for each tool (bash, file write, computer use). An attacker who understands this architecture can craft more sophisticated prompts or configurations to try to bypass the guardrails, especially in corporate environments where Claude Code runs with elevated permissions. Second, the complete system prompt is in the code. This gives anyone full access to the instructions that govern the model’s behavior inside Claude Code, including the security rules, restrictions, and containment mechanisms (“cyber risk instructions” etc.). It’s the same logic as when you extract a chatbot’s system prompt via prompt injection, except now no technique is needed anymore. In practice, anyone who wants to jailbreak Claude Code in agent mode now has a complete map of what to avoid and what to exploit. Third, the telemetry. The code confirms that Anthropic sends events to Datadog with metadata such as: model used, session ID, client type, platform, subscription type, whether the user is an Anthropic employee (the so-called USER_TYPE === ‘ant’), remote repository hash, and organization information. It doesn’t send code or file paths (there’s a typing I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS that acts as an engineering lock to prevent this), but the exact extent of what is collected is now transparent for anyone to audit, and this will inevitably generate privacy debates. Fourth, the internal infrastructure becomes visible. Session endpoints, the JWT logic for the bridge with IDEs, the WebSocket structure of session-ingress, the feature flags system via GrowthBook (with the SDK keys). None of this compromises user data, but it gives a technical adversary a deep understanding of the platform’s attack surface. Anthropic will probably rotate the client-side keys as a precaution. Telemetry can be disabled (the code shows: DISABLE_TELEMETRY=1 or CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC=1), which is useful information that is now transparently documented. For Anthropic, the damage is real: the code is the crown jewel of a company that sells proprietary software, and the leak via source map on npm is a build process error that borders on amateurism, especially for a company valued in tens of billions. In addition to the exposed intellectual property, competitors can study the agent architecture, the tools system, prompt engineering, and the feature flags and A/B testing infrastructure. In simpler words: heads will roll!

🔐 AI is transforming the way businesses work, and accelerating AI initiatives is key to staying competitive. But with AI comes the challenge of protecting sensitive data and ensuring secure adoption. To succeed, orgs need a solid foundation that safeguards AI tools, custom applications, and data through a Zero Trust approach. By prioritizing security and scalability, businesses can confidently unlock the full potential of AI to drive innovation and productivity in today’s fast-changing landscape. Read the blog to learn more → https://t.co/MPsXWJrEvP Join our launch event happening today! → https://t.co/Q9ZJzwilpO #AI #ZeroTrust #Cybersecurity