GitHub Data Breach Exposes Three Thousand Corporate Repositories
A single poisoned software extension installed on an employee’s device has given attackers access to 3,800 of GitHub’s internal repositories. The security breach, confirmed by GitHub this week, centered on a compromised version of the Nx Console extension, which was live on the Visual Studio Marketplace for just 18 minutes. The incident highlights the growing risk of "vibe coding," where non-technical users install unverified AI-managed libraries that may contain malicious code.
Researchers who have tested Anthropic’s Mythos and OpenAI’s GPT-5.5 say their autonomous hacking capabilities are a "game-changer." While these labs claim to use their models for defense, the Mythos model has already scanned 1,000 open-source projects, finding over 500 high-severity bugs. Tech leaders warn that the digital security landscape is changing faster than regulation can manage, as agentic AI begins to write its own malware and exploit vulnerabilities in the collective infrastructure of the internet.
As the state leases its digital sovereignty to private labs, the common digital perimeter is being enclosed. This is the "Cognitive Enclosure" in action: the tools required to protect the public from automated pathogens are being hoarded by a handful of firms. The GitHub breach is not a failure of individual oversight, but a symptom of a system where the speed of capital-driven automation has outrun the human capacity for engineering integrity.