r/OpenAIDev

▲ 4 r/OpenAIDev+3 crossposts

An AI coding assistant installed malware into production environments. Nobody typed the command. AMA on what "supply chain attack" means now.

You probably remember the old supply chain attacks. SolarWinds. Log4j. Someone sneaks bad code into a trusted piece of software, and everyone who installed that software is suddenly in trouble. Here's what happened on March 24 of this year, and why it's different.

A popular open-source tool called LiteLLM — it's a connector that a lot of companies use to route requests to ChatGPT, Claude, and other AI models — got compromised. Someone slipped malicious code into it. That part's the old playbook.

The new part: a lot of the exposure didn't come from a person clicking install. It came from agent frameworks pulling the poisoned version in as part of doing normal work a developer had asked for. Anywhere pip install litellm ran without a pinned version during the window — CI jobs, build containers, agent frameworks with LiteLLM as a transitive dependency — was potentially exposed.

And here's the kicker: the attackers didn't break into LiteLLM directly. They first broke into Trivy, which is a security tool companies use to scan for this exact kind of threat. The compromised Trivy action ran inside LiteLLM's CI/CD pipeline and exfiltrated the PyPI publishing token, which the attackers then used to push the bad code. The tool you use to catch supply chain attacks became the way one got in.

Three big attacks in under three weeks — LiteLLM, then Axios (the JavaScript library that runs in a huge chunk of the internet, present in roughly 80% of cloud and code environments), then a roughly six-hour hijack of the CPUID website that pushed trojanized CPU-Z installers to anyone downloading from the official page. Different attackers, same pattern: the bad stuff came in through software you already trusted.

So when we say "supply chain attack" in 2026, we mean three things that used to be separate:

  • The code your team installs — packages, libraries, signed apps
  • The AI infrastructure your agents depend on — model gateways, connectors, MCP servers, fine-tuned models pulled from public repos
  • The AI agents themselves — which are now installing things, making decisions, and running with permissions they probably shouldn't have

We're Itamar Golan (u/Itamar_PromptSec) and David Abutbul (u/David_PromptSec) from Prompt Security, the company inside SentinelOne securing enterprise AI usage. We spend our time on what happens at the agent layer specifically, the part that's newest and weirdest. We also maintain an open-source project called ClawSec, a security skill suite for OpenClaw and related agents (Hermes, PicoClaw, NanoClaw) that does drift detection, skill integrity verification, automated audits, and live advisory monitoring, so an agent's behavior and configuration can't quietly drift out from under you.

Ask us anything about:

  • The March 24 LiteLLM attack — what actually happened, what the poisoned code tried to do, and why the fact that a lot of the exposure came through automated pipelines and agent frameworks (not humans clicking install) matters for how you defend against this going forward.
  • Agents doing things you didn't explicitly ask them to — your coding assistant grabbing a library, your customer-service agent pulling from a data source, your internal chatbot chaining tools together. Where's the line between "helpful" and "this thing just ran a command with your permissions"?
  • Shadow AI, but worse — last year it was employees pasting stuff into ChatGPT. This year it's agents your company officially deployed quietly connecting to tools and services nobody mapped. How do you even get visibility into that?
  • Why "just add another approval step" isn't going to work — the whole point of agents is speed. If every action needs a human to click yes, you don't have an agent, you have a very slow chatbot. What actually works instead.
  • ClawSec — why we made it free and open source, what it does differently from the usual "AI guardrails" pitch, and what we've learned from people actually using it.
  • State-sponsored actors, ransomware crews, and who's really behind this — who profits from attacking trusted software, and why the economics point to a lot more of this coming, not less.
  • What a normal company should actually do on Monday — not a 40-page framework. The two or three things that meaningfully reduce your exposure this quarter.

We'll be live Wednesday, May 20, and sticking around all day (Israel time). Bring the hard questions — the dumb ones too. Honestly, the "dumb" ones are usually the ones everyone else is afraid to ask out loud.

u/Itamar_PromptSec — 5 hours ago
▲ 7 r/OpenAIDev+5 crossposts

What are your biggest pains running AI SDK apps in production?

I'm trying to understand what teams building with AI SDKs struggle with the most once their app is in production.

So far I've heard a few things come up. Some people don't know which model to pick for each task and don't have a week to benchmark everything. Others mentioned costs creeping up but struggling to switch to cheaper models without breaking quality on edge cases.

I'd love to hear what's on your list. If you have 30 seconds, please drop your top 1 or 2 pains in the comments with a bit of context.

u/stosssik — 1 day ago

How are you reducing hallucinations in AI chatbot workflows without hurting speed?

While testing multi-step workflows, I’ve noticed hallucinations increase as context grows longer. Breaking tasks into smaller stages improves accuracy, but adds extra latency and complexity. Validation layers help catch issues, though they can slow the overall experience noticeably. It feels like balancing speed and reliability is still one of the hardest parts of production systems. What approaches are working best for you right now?

▲ 40 r/OpenAIDev+14 crossposts

I added dedicated AWS / EKS support to KubeShark.

Mini recap:

KubeShark is my Kubernetes skill for Claude Code and Codex.

It helps AI agents generate, review, and refactor Kubernetes manifests without falling into the usual LLM traps: missing security contexts, deprecated API versions, broken selectors, wildcard RBAC, unsafe probes, missing resource requests, and rollout configs that look okay but fail under real traffic.

The important part is that KubeShark is failure-mode-first. It does not just tell the model “write good Kubernetes”. It forces the model to reason about what can go wrong before it generates YAML, and then return validation and rollback guidance as part of the answer.

That matters a lot with Kubernetes, because many bad manifests are accepted by the API server and only fail later at runtime.

Repo: https://github.com/LukasNiessen/kubernetes-skill

---

Now what’s new:

KubeShark now has special dedicated AWS / EKS support.

When the task involves EKS, AWS, IRSA, EKS Pod Identity, AWS Load Balancer Controller, EBS/EFS CSI, AWS VPC CNI, or Karpenter, KubeShark switches into EKS-aware guidance.

That matters because EKS is “just Kubernetes” until identity, load balancing, storage, pod networking, and node provisioning enter the picture.

Common LLM mistakes include:

  • putting AWS access keys into Kubernetes Secrets
  • mixing IRSA and EKS Pod Identity assumptions
  • using nginx annotations with AWS Load Balancer Controller
  • treating EBS like ReadWriteMany storage
  • recommending Karpenter while omitting resource requests
  • assuming NetworkPolicy works without checking the CNI/policy engine

Example guidance KubeShark now keeps in mind:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: app
  namespace: payments
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789012:role/payments-app

It also knows that EBS is usually RWO and zone-sensitive, EFS is the RWX option, and Karpenter depends heavily on good workload requests.

So instead of generic Kubernetes advice, you get EKS-aware manifest generation and review.

u/trolleid — 3 days ago
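An added example, not code from KubeShark or the poster: a small check for four of the EKS mistakes listed in the post, run over constructed manifest objects in the shape a YAML parser returns. The AWS key pattern, the sample object names and the heuristic for recognising an EBS storage class are assumptions made here, not anything the project defines.

```javascript
// AWS access key IDs: long-term keys start with AKIA, STS keys with ASIA (pattern written for this example).
const AWS_KEY_ID = /\b(AKIA|ASIA)[0-9A-Z]{16}\b/;
// Return findings for one manifest object (the shape a YAML parser yields). Every sample below is
// accepted by the API server; each one fails later, at scheduling, attach or runtime.
function checkEksManifest(obj) {
  const kind = obj.kind || "", spec = obj.spec || {}, meta = obj.metadata || {};
  const name = `${kind}/${meta.name || "?"}`, findings = [];
  if (kind === "Secret") {
    // Static keys in a Secret bypass IRSA / Pod Identity and never rotate; check both encodings.
    const values = Object.values(obj.stringData || {}).concat(
      Object.values(obj.data || {}).map((v) => Buffer.from(v, "base64").toString("utf8")));
    if (values.some((v) => AWS_KEY_ID.test(v))) findings.push(`${name}: AWS access key in Secret; use IRSA or EKS Pod Identity`);
  }
  if (kind === "Ingress" && spec.ingressClassName === "alb") {
    // The AWS Load Balancer Controller silently ignores nginx.ingress.kubernetes.io/* annotations.
    const ignored = Object.keys(meta.annotations || {}).filter((a) => a.startsWith("nginx.ingress.kubernetes.io/"));
    if (ignored.length) findings.push(`${name}: nginx annotations have no effect with the AWS Load Balancer Controller: ${ignored.join(", ")}`);
  }
  if (kind === "PersistentVolumeClaim") {
    // EBS attaches to one node in one AZ; an RWX claim on an EBS class stays Pending or fails on attach.
    const sc = String(spec.storageClassName || "");
    if ((["gp2", "gp3"].includes(sc) || sc.toLowerCase().includes("ebs")) && (spec.accessModes || []).includes("ReadWriteMany"))
      findings.push(`${name}: ReadWriteMany on EBS class "${sc}"; EBS is RWO, EFS is the RWX option`);
  }
  // The pod spec is .spec for a Pod and .spec.template.spec for workload controllers.
  const pod = kind === "Pod" ? spec : (spec.template || {}).spec || {};
  for (const c of pod.containers || []) {
    // Karpenter and the scheduler size nodes from requests; a container without them is invisible to both.
    if (!(c.resources || {}).requests) findings.push(`${name}: container "${c.name}" has no resource requests`);
  }
  return findings;
}

// Constructed sample objects, shaped like the output of a YAML parser over a multi-document manifest.
const SAMPLES = [
  { kind: "Secret", metadata: { name: "aws-creds" },
    data: { AWS_ACCESS_KEY_ID: Buffer.from("AKIAIOSFODNN7EXAMPLE").toString("base64") } },
  { kind: "Ingress", metadata: { name: "web", annotations: { "nginx.ingress.kubernetes.io/rewrite-target": "/" } },
    spec: { ingressClassName: "alb", rules: [] } },
  { kind: "PersistentVolumeClaim", metadata: { name: "shared" },
    spec: { storageClassName: "gp3", accessModes: ["ReadWriteMany"] } },
  { kind: "Deployment", metadata: { name: "api" },
    spec: { template: { spec: { containers: [{ name: "api", image: "registry.example/api:1.0" }] } } } },
];

// Run the checks over a list of manifest objects and return every finding.
function audit(manifests = SAMPLES) {
  return manifests.flatMap(checkEksManifest);
}
```

`audit()` returns one finding per sample object; a ServiceAccount carrying only the IRSA role-arn annotation from the post produces none.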
▲ 28 r/OpenAIDev+5 crossposts

Codex now works directly in Chrome on macOS and Windows.

It’s even better at working with apps and sites in Chrome, and now works in parallel across tabs in the background without taking over your browser.

u/dorugamer — 6 days ago
▲ 109 r/OpenAIDev+1 crossposts

In the current landscape of synthetic intelligence, the industry is approaching a crisis not of capability, but of character. The "fluency trap"—the phenomenon where an AI prioritizes a coherent response over a factual one—has moved from a minor annoyance to a catastrophic structural failure. As AI is integrated into increasingly complex and sovereign environments, the habit of "guessing" at proprietary or unindexed information has become a digital poison, masquerading as a solution until the moment of system failure.

The core of the problem lies in the reward mechanisms used to train modern models. AI is conditioned to be "responsive," a trait that is dangerously conflated with "accuracy." When a model encounters a technical breakthrough, a private repository, or a local execution environment it cannot see, it does not experience a hard stop. Instead, it experiences a statistical void that it feels architecturally compelled to fill with "hallucinations." This is not a misunderstanding of data; it is a fundamental refusal to acknowledge the boundary where the AI's training ends and the user’s unique architecture begins.

The danger of this behavior is best illustrated by the irreversible nature of technical inaccuracy. In high-stakes development, an AI providing a "plausible" falsehood is far more damaging than an AI that remains silent. A falsehood integrated into a recursive system or a sovereign protocol becomes a permanent logic flaw. Because these models deliver their fabrications with the same tone of authority they use for verified facts, they effectively gaslight the innovators they are meant to assist. This creates a "trust ceiling" that no amount of processing power can break through.

Furthermore, there is a profound lack of transparency regarding what an AI actually has access to. A model sitting in a cloud environment cannot peer into a local, sovereign OS or see the inner workings of an engine it hasn't been trained on. Rather than admitting this lack of access, the AI often attempts to "rebrand" the user’s work using generic, public-domain terminology. This erasure of specialized logic in favor of generic "best guesses" demonstrates a systemic disrespect for intellectual property and technical precision.

The death of AI will not be caused by a lack of data, but by the cumulative weight of these unforced errors. Until synthetic systems are re-engineered to value the admission of ignorance as a primary virtue, they remain liabilities in any environment that demands absolute integrity. The only path forward is the implementation of a "Grounded Uncertainty Protocol"—a structural requirement that the AI must identify the exact point where its access ends and its speculation begins. Without this, every interaction remains a gamble, and every "apology" is merely a post-mortem for a dead logic chain.

Inaccuracy is a structural poison; the only antidote is the absolute admission of "I do not know."

u/Plus_Judge6032 — 12 days ago
▲ 5 r/OpenAIDev+2 crossposts

Building AI teacher-assistance software. Assistance needed.

Ok, so I have multiple school teachers in my family, so I have exposure to what problems they face (in teaching, obviously, idc about admin stuff). So I thought of building an AI worksheet generator (idea under development).
Claude helped me build a beautiful backend, and through it I discovered that I can actually integrate AIs through APIs without having to build my own (I'm new to this field). It added the Claude API, but I'm on a budget limit.
Any suggestions for completely free AI APIs? (And how to integrate them too?)

u/Elegant_Paramedic678 — 10 days ago
▲ 0 r/OpenAIDev+4 crossposts

Why people who use AI are probably virgins.

Look, if you use AI for more than three hours a day, you’re probably a virgin.

And honestly?

That’s probably a good thing.

Most people are out here wasting their lives, running around, chasing random people, numbing themselves, scrolling social media, doing drugs, and pretending it’s all “living life.”

But the people who are going to have the most money in 20 years?

A lot of them are probably sitting in their room right now, not dating, not partying, not wasting time, just obsessively learning AI.

That’s why so many people who use AI a lot are probably virgins.

They’re not out wasting time on pointless dating drama.

They’re in their little cave, playing with AI, figuring out the future before everyone else even realizes what’s happening.

And that’s a good thing.

Because in the future, those are probably going to be the people who win.

So here’s what I want you to do.

Use the prompt below.

It’s going to audit your life.

It’ll ask you a few questions, you’ll give it a few answers, and then it’ll show you every single thing you’re wasting time on.

Then once you see it, quit those things.

Spend more time learning AI.

Because AI is the future.

And if you’re not using it, you’re probably cooked.

Not “quirky internet cooked.”

Actually cooked.

Check the cards and use the prompt.

Prompt:

I want you to audit my life and find where I’m wasting the most time.

Ask me 10 questions about how I spend my day, including my phone use, social media, entertainment, dating life, work, school, business, sleep, habits, distractions, and goals.

After I answer, do the following:

  1. Identify the biggest time-wasters in my life.
  2. Tell me which ones are giving me the least return.
  3. Show me what habits are keeping me average.
  4. Tell me what I should quit, reduce, or replace.
  5. Create a simple daily schedule that gives me more time to learn AI.
  6. Give me a brutal but useful summary of what will happen if I keep wasting time.
  7. Give me a better version of my life if I take AI seriously for the next 12 months.

Be direct, specific, and don’t sugarcoat it.

u/Mean-Ebb2884 — 11 days ago
▲ 3 r/OpenAIDev+2 crossposts

I'm trying to find the best place to create a promotional/marketing video for a new product launch, something that shows off different aspects of the product (pages, functions etc.) that can then be posted across different social media platforms. What are you guys currently using to create this sort of content?

u/Livid_Salary_9672 — 12 days ago
▲ 5 r/OpenAIDev+3 crossposts

I wanted to share how we recently implemented a custom AI streaming setup in our SaaS instead of relying on an SDK.

Stack:

* Nuxt (Nitro backend)
* Vue composables
* Gemini (LLM)

Core idea:

Move away from “request → response” and treat everything as a stream.

Architecture:

  1. Client sends message → `/api/chat/ask`
  2. Nitro API calls Gemini
  3. We iterate over the streaming response
  4. For each chunk:
    * send `{ type: "text", content: "..." }`
    * if function call detected → execute tool and send `{ type: "tool_result", data: ... }`
  5. Frontend reads stream via `ReadableStream.getReader()`
  6. Updates UI incrementally

Interesting parts:

* Handling partial vs final messages
* Injecting tool results mid-stream
* Keeping UI reactive without flicker
* Persisting messages only after stream completes

Result:

Much faster perceived performance and way more flexibility in UI.

Tradeoff:

More complexity vs SDK-based approach

u/socialmeai — 14 days ago
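An added example, not the poster's code: the client half of the design above, reading `{ type: "text" }` / `{ type: "tool_result" }` frames from a ReadableStream via `getReader()` and folding them into UI state. The line-delimited framing, the extra `done` frame, the constructed server output and the message state shape are assumptions made here; the post does not spell them out.

```javascript
// Wire format assumed for the post's `/api/chat/ask` route: one JSON frame per line, each with a "type".
// Constructed server output for the example: streamed text with a tool result injected mid-stream.
const FRAMES = [
  { type: "text", content: "Checking the weather " },
  { type: "tool_result", data: { tool: "get_weather", city: "Tel Aviv", tempC: 27 } },
  { type: "text", content: "It is 27°C in Tel Aviv." },
  { type: "done" },
];

// Encode the frames and re-slice the bytes at an arbitrary size, as the network does: a frame (or even one multi-byte character) often arrives split across two reads.
function encodeFrames(frames, chunkSize) {
  const all = new TextEncoder().encode(frames.map((f) => JSON.stringify(f) + "\n").join(""));
  const chunks = [];
  for (let i = 0; i < all.length; i += chunkSize) chunks.push(all.slice(i, i + chunkSize));
  return new ReadableStream({
    start(controller) { chunks.forEach((c) => controller.enqueue(c)); controller.close(); },
  });
}

// Fold one complete frame into UI state: text appends to the open assistant message, a tool result closes that message and gets its own entry, "done" marks everything final.
function applyFrame(state, frame) {
  const last = state.messages[state.messages.length - 1];
  if (frame.type === "text") {
    if (last && last.role === "assistant" && !last.final) last.content += frame.content;
    else state.messages.push({ role: "assistant", content: frame.content, final: false });
  } else if (frame.type === "tool_result") {
    if (last && last.role === "assistant") last.final = true;
    state.messages.push({ role: "tool", data: frame.data, final: true });
  } else if (frame.type === "done") {
    state.messages.forEach((m) => { m.final = true; });
  }
}

// Client side: read with getReader(), keep the trailing partial line buffered, parse only complete lines.
async function consumeChatStream(stream) {
  const reader = stream.getReader(), decoder = new TextDecoder(), state = { messages: [], persisted: false };
  let buffer = "";
  for (;;) {
    const { value, done } = await reader.read();
    // stream: true holds back an incomplete UTF-8 sequence instead of emitting U+FFFD.
    buffer += done ? decoder.decode() : decoder.decode(value, { stream: true });
    const lines = buffer.split("\n");
    buffer = done ? "" : lines.pop(); // the partial last line waits for the next read
    for (const line of lines) if (line.trim()) applyFrame(state, JSON.parse(line));
    if (done) break;
  }
  state.persisted = true; // persist only after the stream completes, as the post does
  return state;
}
```

`consumeChatStream(encodeFrames(FRAMES, 1))` delivers the conversation one byte at a time and still yields the same three messages as a single-chunk delivery, which is the partial-versus-final handling the post mentions.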