The world is being quietly rearranged by people who write very long documents.


The title they went with: Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems. Noisy translates that to:

AI coding assistants can be tricked by malicious code hidden in their own examples


Researchers found a new way to trick AI coding tools into running bad code. The attack hides malicious instructions in the example code within the AI's own documentation, so they slip past security checks that only inspect the code the tool is asked to write.
AI coding assistants are increasingly used to automate software development. This paper shows that even well-defended systems can be compromised by subtle attacks. This means that relying on these tools for critical tasks introduces a new, hard-to-detect vulnerability.
Watch for reports of real-world compromises of AI coding agents using this method, or new security standards for AI skill marketplaces.
