Protecting Vibe Coded Apps and the Shift to "Soft Guardrails" with Igor Andriushchenko
Learn how vibe coding and AI are transforming cloud security. Lovable CISO shares detection engineering strategies
Omer Mosheiov
Podcast
Hacking GitHub with a Semicolon & Claude with Sagi Tzadik
Wiz researcher Sagi Tzadik joins us to break down how a single semicolon led to a critical Remote Code Execution (RCE) vulnerability in GitHub.
For two years, Sagi sat on a lead. Reverse engineering GitHub's microservices manually was too tedious to justify the time. Then, AI agents arrived. By hooking Claude directly into his reverse engineering software, he condensed months of grueling binary analysis into 48 hours. The result? A critical bug in how GitHub handles git push options that exposed both SaaS and Enterprise environments. We get into the weeds on how different microservices interpreting the same input differently creates massive attack surfaces, and why security by obscurity is officially dead in the age of AI.
What's Inside:
- How combining Claude with the IDA MCP server dramatically sped up the reverse engineering process
- The technical anatomy of the GitHub semicolon vulnerability.
- Why microservice communication breakdowns lead to critical RCEs.
- The massive difference in impact between GitHub.com and GitHub Enterprise Server.
- Why Enterprise users need to patch their instances immediately.
Resources:
- Learn more about the findings at: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854
Crying Out Cloud Newsletter
Bleiben Sie sicher und informiert: Erhalten Sie die neuesten Nachrichten zur Cloud-Sicherheit, echte Einblicke in Angriffe und eine fachkundige Anleitung zum Schutz Ihrer Umgebung.
Melden Sie sich an, um die neuesten Updates zur Cloud-Sicherheit direkt in Ihren Posteingang zu erhalten