Blog

Thoughts, updates, and insights from the Superagent team.

ResearchJuly 6, 20264 min read

When Terminal Output Owns Your Clipboard: OSC 52 in Warp

Affected Warp builds honored OSC 52 clipboard escape sequences from terminal output, allowing silent clipboard reads and writes with no default-deny gate.

Read more
SecurityJune 10, 20263 min read

A bad patch is worse than no patch.

AI is making vulnerability discovery cheap, but closing vulnerabilities still requires validation, safe fixes, and human-reviewed merges. The valuable part is the close.

Read more
SecurityApril 28, 20263 min read

Backburning Open Source: Partnering with dotenvx to Find Vulnerabilities Before Attackers Do

Open source maintainers are defending critical software against attackers with more compute. Our dotenvx partnership shows how hardened packages can close the silent window.

Read more
ResearchMarch 24, 20265 min read

Frontier models miss 57% of threats in agent context

We ran 485 real artifacts through Claude 4.6 Opus with a security-focused system prompt. The model missed 57% of the threats brin had already identified. Here's the full breakdown.

Read more
SecurityFebruary 18, 20265 min read

The Cline Incidents and the Broken Security Model

Two Cline security incidents in two months expose the same underlying problem: AI agents treat untrusted content as instructions. The npm supply chain and prompt injection attacks reveal why the current security model is fundamentally broken.

Read more
AnnouncementsFebruary 17, 20263 min read

Launching brin.sh — realtime threat detection for agents

Protect your agents from getting hacked. Brin scores everything your agent is about to consume before it does. Free to use, no auth, no SDK, no signup.

Read more
Next

Join our newsletter

Updates on securing code and agents, vulnerability research, and product news.