Blog

Security guides for developers

Practical security advice, vulnerability research, and best practices from the Ship Safe team.

security researchAI agentsClaude Code

KAIROS: The Autonomous Background Agent Hidden in the Claude Code Source Leak

The leaked Claude Code source contained an undocumented autonomous mode called KAIROS — a heartbeat loop that proactively asks the agent "anything worth doing?" every few seconds. Here is what it does and why it matters for security.

Ship Safe TeamApr 1, 2026
security researchAI agentssupply chain

claw-code Security: Hooks, Permissions, and MCP in the Claude Code Clean-Room Rewrite

claw-code is a Rust + Python clean-room rewrite of Claude Code's agent harness, not a copy of the leaked source. Here is what it actually is, how its config works, and what to check before using it.

Ship Safe TeamApr 1, 2026
security researchAI agentssupply chain

openclaude Security: What to Check Before Running a Leaked-Source Claude Code Fork

openclaude is the Claude Code fork that reached 895 stars in days after the Anthropic source leak. Here is what it actually is, what the real security risks are, and how to check your setup.

Ship Safe TeamApr 1, 2026
supply chainsecurity researchCI/CD

From Trivy to CanisterWorm: How We Hardened Ship Safe Against the 2026 Supply Chain Attacks

The Trivy compromise cascaded into CanisterWorm, the first self-spreading npm worm. Here is what happened, why it matters, and exactly how we hardened Ship Safe against the same attack chain.

Ship Safe TeamMar 25, 2026
AI securityvibe codingbest practices

Vibe Coding Is Fast, But Is It Safe? 7 Security Risks in AI-Generated Code

AI coding tools ship code fast but skip security checks. Here are the 7 most common vulnerabilities in AI-generated code and how to catch them automatically.

Ship Safe TeamMar 25, 2026
Next.jssecuritytutorial

How to Secure Your Next.js App: A Complete Guide with Ship Safe

Next.js has unique security patterns that generic scanners miss. Learn how to find and fix NEXT_PUBLIC_ leaks, unprotected server actions, and API route vulnerabilities.

Ship Safe TeamMar 24, 2026
OWASPsecuritycompliance

OWASP Top 10 2025: What Changed and How to Scan for It

The OWASP Top 10 2025 reshuffles the rankings and adds new categories. Here is what changed and how Ship Safe covers every category with its 18 AI security agents.

Ship Safe TeamMar 23, 2026
releaseClaude CodeAI security

Ship Safe v6.2: Real-Time Claude Code Hooks and Universal LLM Support

Ship Safe v6.2 ships real-time Claude Code hooks that block secrets before they land on disk, support for 8 LLM providers including Groq and DeepSeek, and IOC matching for known-compromised npm packages.

Ship Safe TeamApr 1, 2026