InfoQ Homepage github Content on InfoQ
-
AI-Powered Bot Compromises GitHub Actions Workflows across Microsoft, DataDog, and CNCF Projects
AI-powered bot hackerbot-claw exploited GitHub Actions workflows across Microsoft, DataDog, and CNCF projects over 7 days using 5 attack techniques. Bot achieved RCE in 5 of 7 targets, stole GitHub token from awesome-go (140k stars), and fully compromised Aqua Security's Trivy. Campaign included first documented AI-on-AI attack where bot attempted prompt injection against Claude Code.
-
GitHub Data Shows AI Tools Creating "Convenience Loops" That Reshape Developer Language Choices
GitHub’s Octoverse 2025 report reveals a "convenience loop" where AI coding assistants drive language choice. TypeScript’s 66% surge to the #1 spot highlights a shift toward static typing, as types provide essential guardrails for LLMs. While Python leads in AI research, the industry is consolidating around stacks that minimize AI friction, creating a barrier for new, niche languages.
-
GitHub's Points to a More Global, AI-Challenged Open Source Ecosystem in 2026
GitHub has released its yearly look at open-source trends. They used data from the Octoverse 2025 report to help the open-source community get ready for the coming year. The picture that emerges is one of extraordinary scale and the structural strains that come with it.
-
GitHub Agentic Workflows Unleash AI-Driven Repository Automation
Recently launched in technical preview, GitHub Agentic Workflows introduce a way to automate complex, repetitive repository tasks using coding agents that understand context and intent, GitHub says. This enables workflows such as automatic issue triage and labeling, documentation updates, CI troubleshooting, test improvements, and reporting.
-
GitHub Copilot SDK Lets Developers Integrate Copilot CLI's Engine into Apps
Now available in technical preview on GitHub, the GitHub Copilot SDK lets developers embed the same engine that powers GitHub Copilot CLI into their own apps, making it easier to build agentic workflows.
-
Cloudflare Demonstrates Moltworker, Bringing Self-Hosted AI Agents to the Edge
Cloudflare has introduced Moltworker, an open-source solution for running Moltbot—a self-hosted personal AI agent—on its Developer Platform, eliminating the need for local hardware, such as Mac minis. Rebranded from Clawdbot, Moltbot serves as a personal assistant in chat applications, integrating with AI models, browsers, and third-party tools while maintaining user control.
-
LinkedIn Leverages GitHub Actions, CodeQL, and Semgrep for Code Scanning
LinkedIn has rebuilt its static application security testing (SAST) pipeline using GitHub Actions and custom workflows, enabling consistent, enforceable code scanning across thousands of repositories. The redesign improves security coverage, developer workflow, and observability while supporting the company’s shift-left strategy.
-
Microsoft Adds Custom Copilot Agents for .NET Developers with C# and WinForms Experts
Microsoft and GitHub have expanded the Copilot ecosystem with the first .NET-focused GitHub Copilot custom agents, designed to improve productivity and code quality for C# and Windows Forms developers. The announcement, part of the broader Copilot custom agents’ rollout, introduces two purpose-built agents: C# Expert and WinForms Expert in the form of agent instruction Markdown files.
-
Two Missing Characters: How a Regex Flaw Exposed AWS GitHub Repos to Supply-Chain Risk
AWS recently published a security bulletin acknowledging a configuration issue affecting some popular AWS-managed open-source GitHub repositories. Dubbed CodeBreach, the critical vulnerability could have resulted in the introduction of malicious code and hijacking of the repositories leveraging AWS CodeBuild.
-
Arm Launches AI-Powered Copilot Assistant to Migrate Workflows to Arm Cloud Compute
At the recent GitHub Universe 2025 developer conference, Arm unveiled the Cloud migration assistant custom agent, a tool designed to help developers automate, optimize, and accelerate the migration of their x86 cloud workflows to Arm infrastructure.
-
GitHub Rolls out Post-Quantum SSH Security to Protect Code from Future Threats
GitHub has deployed a hybrid post-quantum key-exchange algorithm for SSH access, strengthening protection against future quantum decryption threats. The rollout, now live across most regions, pairs classical and quantum-resistant methods to counter “store now, decrypt later” attacks and marks a major step toward quantum-safe software development.
-
GitHub Expands Copilot Ecosystem with AgentHQ
GitHub has announced AgentHQ, a new addition to its platform that aims to unify the fragmented landscape of AI tools within the software development process.
-
MCP Support in Visual Studio Reaches General Availability
Microsoft announced in August 2025 that support for the Model Context Protocol (MCP) is generally available in Visual Studio. MCP enables AI agents within Visual Studio to connect to external tools and services via a consistent protocol.
-
GitHub MCP Registry Offers a Central Hub for Discovering and Deploying MCP Servers
GitHub has recently launched its Model Context Protocol (MCP) Registry, designed to help developers discover and use the AI tools directly from within their working environment. The registry currently lists over 40 MCP servers from Microsoft, GitHub, Dynatrace, Terraform, and many others.
-
GitHub Introduces New Embedding Model to Improve Code Search and Context
GitHub has introduced a new embedding model for Copilot, now integrated into Visual Studio Code. The model is designed to improve how Copilot understands programming context, retrieves relevant code, and suggests completions.