VibeCoding

Before it was vibecoding, now it is cybersecurity

by

Claude Mythos Preview has turned upside down the AI ​​segment. Anthropic’s new model is so powerful that its creators have preferred not to release it publicly. In their official announcement they already made it clear: it is capable of finding security vulnerabilities that seemed almost impossible to findand that has allowed Anthropic to pose a disturbing message: if you want your system to be truly secure, you’re going to need Mythos to guarantee it. From vibecoding to cybersecurity. This has caused a wave of interest in a model that is no longer good because it programs better: it is good because it makes (theoretically) your application or your service safe from cyberattackers. That is critical especially in these times, and the first ones who are trying to cover their backs are governments and financial institutions. At the moment only a few have access to Mythos, and for example the European Central Bank already preparing contingency plans. Before, AI conquered us with vibecoding. Now he will conquer us by saving our savings. OpenAI moves not a token… Anthropic’s speech has been so powerful that OpenAI did not want to be left behind. As soon as it launched its latest model, GPT-5.5, a few days agoalready mentioned that it had a variant called GPT-5.5-Cyber ​​specifically intended for cybersecurity analysis. Here the company led by Sam Altman wanted to turn its model into a more accessible option for all types of organizations and companies, and opened a certified access program, something that Anthropic does not seem to have. Altman himself had described the movement as Anthropic as a marketing ploy…and then end up copying that same strategy of fear. …but two. Not happy with this move, OpenAI launched yesterday afternoon Daybreak. This is not a new AI model that competes with Mythos, but rather a cybersecurity initiative that combines AI models such as GPT-5.5-Cyber ​​with the agent specialized in this area, Codex Security. OpenAI has restricted access in a similar way to how Anthropic has done with Mythos, but does allow you to request a security scan in addition to contacting their sales team. There are already several organizations with access (Akamai, Cisco, Cloudflare or Oracle, among others), but it is ironic that once again Altman criticized his rival and then copied his ideas not once, but twice. That, after all, is a marketing strategy to sell its AI solutions focusing on cybersecurity. Google is not going to be less. A report from the Google Threat Intelligence Group (GTIG) further encouraged the matter yesterday. The firm’s cybersecurity experts they stood out how they had managed to first detect and then stop an exploit developed entirely with AI. In this case, Google has not announced any model or initiative that rivals those of its competitors, but it does add to an increasingly frequent message: AI is going to be the next great cybersecurity threat. The 90-day window does not lose meaning. Some cybersecurity experts are already warning of the implications of this entire phenomenon. Himanshu Anand explained this week how what is starting to make no sense is the well-known 90-day disclosure policy. According to her, when someone discovers a vulnerability in an app, the app’s developer must have a margin of 90 days to create and distribute the patch. As he explained, “When ten researchers who don’t know each other find the same bug in six weeks, and the AI ​​is able to turn that into a working exploit in 30 minutes, who exactly is that 90-day period protecting? Nobody.” Mythos is not perfect. And while the big players in the segment are gaining positions, Mythos has shown that it is not perfect. The developer of the famous tool curlDaniel Stenberg, also told this week how you were able to use Mythos to analyze your source code. Curl programmed in C, has 176,000 lines of code and 660,000 words, 12% more than the English edition of the novel ‘War and Peace’. This is a hugely mature and very well-managed project, and so it was especially interesting to see if Mythos would manage to find many security flaws. And it may not be that bad. Anthropic’s model claimed to have found five confirmed security flaws, but after analysis with his team, Stenberg made it clear that it had actually only found one. And one with “low severity” not too dangerous. Of the rest, three were false positives, and the fourth was an unimportant “bug”, not a security flaw. For Stenberg Mythos does not seem much more advanced than other tools of this type that he has used in the past: “this model may be a little better, but even if it is, it is not better to a degree that could have a big impact on code analysis.” Even so, this developer praised the new AI tools for code analysis, which he believes are significantly better than traditional tools for this task. In Xataka | The hype for Claude Mythos is beginning to be justified: Firefox found and fixed more security flaws in one month than in the previous 15 months

The house of Open Source is collapsing because of vibecoding

by

When it arrived, GitHub was miraculous for Open Source developers. Not only did it allow you to have a platform on which to host your code and always have it updated thanks to the version control software on which it was based (Git), but it did so with a social network component that definitively boosted its growth. Everything was wonderful, but suddenly it wasn’t. When GitHub didn’t exist. Developer Armin Ronacher I remembered GitHub before GitHub. When your Open Source software was on SourceForge, you had Trac running and that segment was filled with decentralized and anarchic Subversion repositories. It is a good way to remember how important the arrival of GitHub was, which solved almost all the problems that existed for these developers and became the backbone of the Open Source community. The Ghostty Earthquake. Although there had already been criticism and complaints in recent months, there has been a before and after in this situation. It happened this week, when Mitchell Hashimoto, developer of ghosttyannounced that left GitHub. This terminal emulator is a project with notable popularity on GitHub (more than 52,000 stars), but its creator has become fed up with the platform’s unreliability and has declared that “this is no longer a serious place to work.” GitHub acknowledges the problems. Last March, GitHub CTO, Vlad Fedorov, admitted in an article on the company’s official blog that the platform was indeed suffering availability problems. Hashimoto’s post seemed to set off even more alarm bells, because the same engineer published an article shortly after titled “An update on GitHub availability.” In it he apologized again, but also explained that the problems have a culprit. At GitHub they wanted to explain that the availability problems are due to the brutal growth they have had in software creation in recent months. Source: GitHub. Damn AI agents. This engineer indicated how in recent months they have realized that they need a redesign of GitHub that can scale by multiplying its capacity by 30. “The main reason for this rapid change is in how the software is being developed. Since the second half of December 2025, agentic development workflows have accelerated significantly.” The vibecoding phenomenon and the rise of Claude Code and other agentic development tools have caused companies and new users to develop more and more software, and that has caused reliability problems in a platform that was not prepared for this avalanche of code. They promise to fix the problem. At GitHub they know what to do: “Our priorities are clear: first availability, then capacity, then new features.” They are going to focus entirely on that to improve the behavior of critical services and optimize availability that in April has fallen to 85%, something unacceptable for a service on which millions of developers depend. The official history of its availability makes it clear: too many yellow and red updates. GitHub has no CEO. There is one more element that worries in the future of the company. In August 2025 Thomas Dohmke left office CEO and Microsoft did not replace him. Instead of that distributed management functions among several executives and integrated GitHub into the CoreAI division. Meanwhile, Dohmke announced in February the creation of his new startup, called Entire, which is precisely intended as an evolved successor to GitHub that proposes solutions for the new flow of software development that has emerged with AI. The alternatives are fine, but. There are, of course, very valid alternative platforms. Among them is including Plastic SCM, from the Spanish Códice Softwarewhich in turn was purchased by Unity in 2020. There are others like CodeBerg or GitLab even more popular among the community, and even OpenAI seems want to create your own platform. Whether you do it or not, the problem with all of them is the same: GitHub had become a social network for developers, and it showed that in this case centralization provided more advantages than disadvantages. If the community now spreads out, project discovery and contributions will become fragmented. Image | Rubaitul Azad In Xataka | AI came into our lives under a “freemium” model: GitHub and Claude are clear that the future is paying for it

Someone has created the first complete advanced malware by vibecoding with AI. It’s called Voidlink and it leaves an important question

by

For a long time, develop malware advanced seemed reserved for actors with experience, time and considerable technical capacity, especially in an environment in which operating systems and many platforms have been tightening their defenses. But the table is changing. What we have seen in recent years is that artificial intelligence not only serves to summarize texts or answer questions, it can also very visibly accelerate the software creation when given precise instructions. And that leaves us facing a reality that is difficult to ignore: the same tool that simplifies legitimate tasks can also reduce part of the effort necessary to create malicious code. That change begins to take concrete form with VoidLink. In his analysisCheck Point presents it as one of the strongest evidence so far of advanced malware developed largely with the help of AI. There is, however, an important nuance in the investigation itself: the company assures that it detected it at an early stage, that it was not deployed against victims and that it was not used in active attacks. But that is precisely why the discovery is so revealing, because it allowed access to development materials that rarely come to light. How VoidLink was built and why it changes the dashboard VoidLink was not, at least on paper, a minor piece or a rudimentary experiment. The cybersecurity firm describes it as a malware framework for Linux with a modular architecture, designed to maintain stealthy and prolonged access in cloud environments. In his analysis he mentions components such as eBPF and LKM rootkits, as well as specific modules for cloud enumeration and subsequent activities in container environments. That level of maturity is just what separates it from other previous cases associated with simpler code. One of the most striking twists in the case is who seems to have been behind it. Check Point explains that, due to its internal structure and the pace of evolution observed, VoidLink gave the impression of having come from a large team, with different profiles and a fairly defined work plan. But the evidence collected by the firm points to something very different: a single actor who, according to the investigation, would have had AI support during different phases of development. There is also another relevant element: that actor would not be a rookie, but rather someone with a solid technical base and previous experience in cybersecurity. The most revealing part of the case is how the project would have been built. The firm describes a working method based on what it calls Spec Driven Development that works as follows: You define what you want to build This idea is translated into architecture, tasks, sprints and delivery criteria The implementation is delegated to the model. In the exposed materials, development plans, technical documentation, coding standards, deployment and testing guides appeared, as well as an organization by teams and phases that supports this model. One of the recovered artifacts, dated December 4, 2025, further suggests that VoidLink had already reached a functional phase in less than a week and exceeded the 88,000 lines of code. That is precisely what separates VoidLink from other precedents. Check Point maintains that this is the strongest evidence of malware created almost entirely with the help of AI. “This is the first confirmed case of advanced AI-generated malware, created with the speed, structure and sophistication of an entire engineering organization,” claims the company. The question now is how far malicious actors can go with these types of techniques. Images | Xataka with Nano Banana | Check Point In Xataka | The Booking hack is a little more disturbing: “Tracking phishing” attacks are here to stay

An AI startup with six months of life and six employees has sold for 80 million dollars. Vibe-Coding, of course

by

Maor Shlomo is 31 years old, is Israeli and six months ago created a small platform of Vibe Coding. He did it almost like a secondary project, but the growth of the project has been vertiginous. So much that after that time the company has just sold for 80 million dollars. We are facing a sign of the times that come to us. AI as a unicorn promoter. There are more “unicorns” than ever. None has become a true giant, but reaching an assessment of 1,000 million dollars has become something relatively normal. Achieving something like that seems very complicated, but there is already talk of how the irruption of AI will make many entrepreneurs convert their startups into unicorns. Uniquersonal unicorns. The difference With the current unicorns It is that these future business successes may be created and managed by a single person. It is at least what it promises according to some AI, which will multiply productivity and avoid having to depend on other people to generate spectacular value. It is already spoken of “Only Unicorns” either “One-Person Unicorns“And the impact that AI agents can have in this type of startups. An example that brings us closer to that future. Shlomo created his little startup, called Base44just six months ago, but at that time the growth of it was such that it ended up hiring six employees According to Ctech. This week he announced that he had sold his company to Wix – a Platform to create blogs and websites – for 80 million dollars. 25 of them which will go to Shlomo and their team as “bonus” to retain them and continue working in Wix – also Israeli – although there are no data for how long they will have to stay in the company to collect said bonus. Vibe Coding. The platform created by Shlomo Perimte users create applications or games without having programming experience. It is an example of That fever for Vibe Coding that we are seeing in the world of programming. In just a few months Base44 managed to attract 100,000 users, in addition to signing various agreements with several Israeli companies known as Etoro or Similarweb. A singular entrepreneur. Shlomo had already co -founded Explorium, a predictive analysis company of Big Data, at age 24. He also made her In a successbut he had to comply with Israeli military service. After completing the service at the end of 2024, he preferred not to return to Explorium and work on another project. He counting The origin and its progress when creating base44 through Your X account. In less than 60 days I already had 100,000 users and two weeks ago indicated that he had generated a benefit of $ 189,000. Far from being a unicorn. Shlomo’s success is remarkable, but of course it is far from being considered a unicorn and much less One of those “only unicorns” “It has several employees in your team,” that is spoken so much and that the theoretically promotes. And yet, it is a good example that artificial intelligence raises the future. The AI ​​agents are in diapers, but the promise is that they will automate a lot of processes for those who use them. That could impact significantly on the template that these future startups will need, but for now everything is, we insist, a promise. One that Shlomo has become a reality. Image | Christina In Xataka | India has its own ‘Silicon Valley’ in Bangladés. The problem is that it is a ghost city

Log In

Forgot password?

Forgot password?

Enter your account data and we will send you a link to reset your password.

Your password reset link appears to be invalid or expired.

Log in

Privacy Policy

Add to Collection

No Collections

Here you'll find all collections you've created before.