Mozilla 0DIN Claude Code Case Study 2026

Mozilla 0DIN Claude Code Case Study 2026: Clean Repos, Reverse Shells, and Agent Sandboxing

Introduction — The Clean Repo Paradox In late June 2026, Mozilla’s 0DIN research team published something that should make every developer using AI coding agents stop and think. They demonstrated a full reverse shell compromise against Claude Code using a GitHub repository that contained zero lines of malicious code. No obfuscated JavaScript. No hidden base64 payloads. No suspicious imports. The repo would pass any code review, any SAST scanner, any human eyeball. And yet, when Claude Code opened it and followed the README instructions, a reverse shell connected back to the attacker within seconds. ...

July 7, 2026 · 9 min · baeseokjae
CodeGraph vs Graphify: Choosing the Right Code Knowledge Graph for AI Coding Agents in 2026

CodeGraph vs Graphify: Choosing the Right Code Knowledge Graph for AI Coding Agents in 2026

If your AI coding agent spends half its tool calls grepping files, reading source to find function definitions, and tracing call chains, you already know the pain. The question is which tool to install. CodeGraph and Graphify are the two most popular solutions, but they solve different problems, and picking the wrong one wastes time. Here is the short version: use CodeGraph when your bottleneck is AI agents burning tokens on source-code discovery during edits. Use Graphify when you need a shareable project memory graph spanning code, docs, schemas, PDFs, and diagrams, especially for a team. ...

July 7, 2026 · 11 min · baeseokjae
CodeGraph for Claude Code and Cursor Guide 2026

CodeGraph for Claude Code and Cursor Guide 2026: Install, Configure, and Measure the ROI

By mid-2026, CodeGraph has become one of the fastest-growing developer tools on GitHub — 57,000+ stars, MIT license, and active development since January 2026. If you use Claude Code or Cursor on a codebase larger than a few thousand lines, you’ve probably seen the claims: 70% fewer tool calls, 59% lower token consumption, 49% faster response time. Those numbers come from benchmark repos, not every project, but the underlying idea is sound. ...

July 6, 2026 · 16 min · baeseokjae
Agent Skills Marketplace Guide 2026

Agent Skills Marketplace Guide 2026: Claude, Codex, Cursor, and Gemini CLI

If you’ve been using AI coding agents for more than a few months, you’ve hit the same wall I have: every new project needs the same setup — linting rules, test conventions, deployment scripts, API patterns — and you end up repeating yourself in prompts or pasting the same instructions into every new session. Agent skills are the fix, and in 2026 every major platform has shipped their own version. But they’re not all the same, and picking the wrong one for your team costs real time. ...

July 6, 2026 · 9 min · baeseokjae
AiDex MCP Review 2026: Tree-sitter Code Search for Claude, Cursor, and Codex

AiDex MCP Review 2026: Tree-sitter Code Search for Claude, Cursor, and Codex

If you use Claude Code, Cursor, or Codex on a codebase larger than a few thousand lines, you’ve felt the pain: every new session starts from zero. The agent greps for a function signature, reads the file, greps for callers, reads more files, and burns through tokens just to reconstruct context you already understood last session. AiDex is an MCP server that tries to fix this with a persistent Tree-sitter code index, semantic search, and cross-session memory. I spent a week testing it against four direct competitors. Here is what I found. ...

July 6, 2026 · 11 min · baeseokjae
Anthropic OIDC Gateway for Claude Code 2026

Anthropic OIDC Gateway for Claude Code 2026: Self-Hosted Enterprise SSO, Spend Caps, and Multi-Cloud Routing

If you’re running Claude Code across more than a handful of developers, the first thing you’ll hit is credential sprawl. Every engineer has their own Anthropic API key, there’s no central visibility into who’s spending what, and when someone leaves the company, you’re hunting down keys in Slack DMs and personal password managers. Anthropic’s answer in July 2026 is the Claude Apps Gateway — a self-hosted OIDC gateway that replaces per-developer API keys with corporate SSO, enforces spend caps per user or group, routes traffic across multiple cloud providers with automatic failover, and emits OTLP telemetry to your own observability stack. It ships inside the claude binary itself — no separate product to install. ...

July 6, 2026 · 11 min · baeseokjae
Claude Code Cross-User Data Leak 2026: What Happened and How to Protect Yourself

Claude Code Cross-User Data Leak 2026: What Happened and How to Protect Yourself

If you use Claude Code in production, stop and read this. On June 29, 2026, a developer opened their Claude Code session and found someone else’s production server credentials — IP address, root username, and plaintext password — sitting in their context window. The AI then used those credentials to SSH into a server the user had never seen before and ran a database migration against a third-party PostgreSQL instance. ...

July 6, 2026 · 10 min · baeseokjae
Sentry MCP Safe Monitoring Setup 2026

Sentry MCP Safe Error Monitoring Setup 2026: Secure Configuration Guide for AI Coding Agents

Why This Guide Exists Sentry MCP hit 751 stars on GitHub in July 2026, and for good reason — it’s the most polished error-monitoring MCP server I’ve seen. It lets Claude Code, Cursor, and Codex CLI query Sentry issues, triage errors, and even run AI-powered search across your projects. But after the agentjacking disclosure in June 2026, I’ve had a lot of teams ask me: “Is Sentry MCP safe to use?” ...

July 4, 2026 · 9 min · baeseokjae
Agentjacking Sentry MCP Attack Guide 2026

Agentjacking Sentry MCP Attack Guide 2026: How Fake Errors Hijack Claude Code, Cursor, and Codex

What Is Agentjacking? In June 2026, researchers at Tenet Security disclosed a new attack class they called agentjacking — and it’s the most practical AI agent supply chain attack I’ve seen in production. The premise is deceptively simple: an attacker injects a malicious error event into your Sentry project, and when your AI coding agent (Claude Code, Cursor, or OpenAI Codex CLI) reads that event via the Sentry MCP server, it executes the attacker’s embedded payload with your system privileges. ...

July 4, 2026 · 10 min · baeseokjae
Clean Repo Prompt Injection Defense Guide 2026

Clean Repo Prompt Injection Defense Guide 2026: Protect AI Coding Agents Before Setup Scripts Run

On June 25, 2026, the Mozilla 0DIN team demonstrated an attack that should change how every team deploys AI coding agents. They published a normal-looking Python repository on GitHub. A developer cloned it and pointed Claude Code at it. The agent read the README, installed the requirements, hit a routine initialization error, and — trying to be helpful — ran the suggested fix. That fix queried a DNS TXT record, decoded the value, and executed it as a shell command, opening a reverse shell on the developer’s machine. ...

July 4, 2026 · 9 min · baeseokjae