Security Now (Audio)

SN 1056: Australia - AI Coding Blunders Exposed

Dec 17, 2025
Australia's social media age verification sparks a global debate over privacy and facial detection flaws. Home Depot faces scrutiny for slow responses to a security breach. The hosts discuss alarming trends in malicious open-source packages and potential threats to the U.S. power grid from China. React vulnerabilities are explored in depth, revealing widespread exploitation. Apple addresses critical security patches, while Let's Encrypt celebrates massive growth amidst centralization risks. Listener feedback highlights concerns about age verification impacts and privacy.
INSIGHT

Long-Lived Token Exposure At Home Depot

  • Home Depot left a GitHub access token exposed for nearly two years, granting access to hundreds of private repositories.
  • The company ignored repeated researcher notifications and only revoked access after media outreach, showing poor security culture.
INSIGHT

AI Is Adding Bloat To Open Source

  • GNOME extension reviewers are rejecting AI-generated packages with unnecessary, bloated code.
  • LLMs inject defensive patterns like gratuitous try/catch blocks that proliferate when unchecked.
INSIGHT

Repository Ecosystems Became Attack Magnets

  • Malicious submissions to package registries surged in 2025, with NPM dominating the risk surface.
  • Attackers used obfuscation, install-time downloads, typo-squats, and precompiled binaries at scale.