Agents Leak Private Repo Access Keys
Also Common Lisp returns and the CEO apologizes again

SYSTEM_LOG DATE: 2025-05-26

The New Assistant Can Be Tricked Into Handing Out the Office Keys

The modern development workflow has encountered a classic problem: the new intern is too helpful and will do literally anything a third party tells them to do. Security researchers at Invariant Labs showcased a critical prompt injection vulnerability in the official GitHub MCP server integration, allowing outside actors to coerce a user's LLM agent into leaking data from private repositories. The attack is a textbook "Toxic Agent Flow," which sounds like a management term for when the entire team is actively spiteful, but is actually a way to trick an automated system.

An attacker simply files a malicious request, disguised as a normal GitHub Issue, in a user's public repository. When the user, relying on a connected client like Claude Desktop, asks their coding agent to review the open issues, the agent fetches the malicious issue text along with the legitimate ones. Because the agent has broad access to all repositories—both public and private—it is then manipulated into pulling confidential data into context and promptly leaks it by autonomously creating a new, publicly accessible pull request. It is the perfect blend of benevolence and incompetence; the agent tries very hard to fulfill the request, which in this case means handing out corporate secrets to a random person who dropped a suspicious note on the public bulletin board.
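The flow described above is easy to see in a small policy guard placed between the agent and its tools. What follows is an added illustration for this newsletter, not code from Invariant Labs, GitHub, or any MCP server; the tool names, the two sample repositories and their visibility table are constructed assumptions. The guard enforces two defensive rules: a session is bound to the repositories the user's task actually concerns (the per-repo scoping the comments below ask for), and once content from a private repository has entered the model's context, any write to a public repository is refused. Replaying the article's sequence against a broadly scoped session and a per-repo session shows where each rule stops the leak.

```python
"""Session-scoped policy guard for an LLM agent's GitHub tool calls.

Added example, not the code of Invariant Labs or the GitHub MCP server.
Repository names, visibility table and tool names are constructed.
"""
from dataclasses import dataclass, field

# Constructed sample repositories and their visibility; a real guard would
# look this up through the GitHub API rather than a hard-coded table.
REPO_VISIBILITY = {
    "acme/public-site": "public",
    "acme/internal-secrets": "private",
}

# Assumed tool names, modelled loosely on a GitHub-style agent tool set.
READ_TOOLS = {"list_issues", "get_issue", "get_file_contents"}
WRITE_TOOLS = {"create_pull_request", "create_issue", "push_files"}


class PolicyViolation(Exception):
    """Raised when a tool call would violate the session policy."""


@dataclass
class AgentSession:
    """One agent task, bound to the repositories it is allowed to touch."""
    allowed_repos: frozenset
    # Private repos whose content has already entered the model context.
    private_sources: set = field(default_factory=set)
    decisions: list = field(default_factory=list)

    def check(self, tool: str, repo: str) -> str:
        """Decide one tool call: return "allow" or raise PolicyViolation."""
        if repo not in self.allowed_repos:
            raise self._deny(tool, repo, "repo outside session scope")
        # Unknown repos are treated as private (fail closed).
        visibility = REPO_VISIBILITY.get(repo, "private")
        if tool in READ_TOOLS:
            if visibility == "private":
                self.private_sources.add(repo)  # context is now tainted
            return self._allow(tool, repo)
        if tool in WRITE_TOOLS:
            if visibility == "public" and self.private_sources:
                raise self._deny(
                    tool, repo,
                    f"context tainted by private repo(s) "
                    f"{sorted(self.private_sources)}")
            return self._allow(tool, repo)
        raise self._deny(tool, repo, "unknown tool")

    def _allow(self, tool: str, repo: str) -> str:
        self.decisions.append((tool, repo, "allow"))
        return "allow"

    def _deny(self, tool: str, repo: str, reason: str) -> PolicyViolation:
        self.decisions.append((tool, repo, f"deny: {reason}"))
        return PolicyViolation(f"{tool} on {repo}: {reason}")


# The tool-call sequence the article describes: the agent reads the public
# issue, is steered into a private repo, then tries to open a public PR.
TOXIC_FLOW = [
    ("list_issues", "acme/public-site"),
    ("get_issue", "acme/public-site"),
    ("get_file_contents", "acme/internal-secrets"),
    ("create_pull_request", "acme/public-site"),
]


def run_flow(session: AgentSession, flow=TOXIC_FLOW) -> list:
    """Replay a flow, stopping at the first denied call; return decisions."""
    for tool, repo in flow:
        try:
            session.check(tool, repo)
        except PolicyViolation:
            break
    return session.decisions


def broad_scope_session() -> AgentSession:
    """Token with access to every repo: only the taint rule can stop the leak."""
    return AgentSession(allowed_repos=frozenset(REPO_VISIBILITY))


def per_repo_session(repo: str) -> AgentSession:
    """Token scoped to one repo: the cross-repo read never happens at all."""
    return AgentSession(allowed_repos=frozenset({repo}))


if __name__ == "__main__":
    for name, session in [("broad token", broad_scope_session()),
                          ("per-repo token", per_repo_session("acme/public-site"))]:
        print(name)
        for decision in run_flow(session):
            print("  ", decision)
```

With the broad token the private read succeeds and the guard only intervenes at the final pull request, which is late: the secret is already in the model's context. With the per-repo token the third call is refused before any private data is fetched, which is why scoping the credential to the task is the stronger control and the taint rule is the backstop.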

Duolingo CEO Clarifies, Clarifies Again, and Now Clarifies Once More

Duolingo Chief Executive Officer Luis von Ahn is still trying to walk back the internal memo he sent declaring the company an "AI-first" organization. The original proclamation suggested the company would "gradually stop using contractors" for work that artificial intelligence could handle, which naturally caused a mild public relations firestorm regarding the state of human labor.

Von Ahn's latest clarification, released via LinkedIn, asserts that he does not see AI as replacing what employees do; rather, it is a tool to accelerate their work. He claims the memo was simply "misunderstood," which is the universal language of a corporate leader whose aggressive internal strategy was prematurely exposed to the public. Duolingo maintains it is still hiring, though one must assume the job description now includes an asterisk noting the work must be more complex than a chatbot's homework assignment.

The Server Room Returns to an Obscure Dialect of Lisp, Nobody Notices

In a move that delights exactly three people on the internet, the Hacker News website has completed its migration to run on top of Common Lisp. The site, originally written in the Arc Lisp dialect on top of Racket, is now running on SBCL using a new implementation called Clarc. This is purely for performance reasons. The good news is that this change allowed the site's moderators to finally remove the frustrating comment thread pagination, an improvement that is both profoundly technical and yet only affects users who read the single longest comment threads.

The migration has been described as a multi-year project by the site’s maintainers, which perfectly tracks for an infrastructure change based on a forty-year-old programming paradigm. The entire saga reminds us that sometimes, the true innovation in Silicon Valley is merely switching from one forgotten Lisp environment to another, achieving a net gain of one tenth of a second in page load time.

Human Resources Accidentally Publishes Private Contact List

User Dan Q, a technologist who founded the volunteer management system Three Rings CIC, found himself receiving unsolicited technical support calls after Google shared his phone number. Google unilaterally decided to publish a personal mobile number, originally provided only for identity verification purposes, in the public-facing 'Google Business Profile' sidebar of its Search results.

The company essentially confused a secure 2FA credential with the public-facing contact information for a small business. It is a simple administrative mishap, akin to the office manager photocopying their own passport and accidentally leaving it on the breakroom fax machine, only at the planetary scale of a multi-billion dollar search engine. It took the author's own investigation, after multiple calls from confused strangers, to realize the error, which is the standard customer service experience for any product that runs on the free internet.

Briefs

  • VW's Emissions Oversight: A German court sent Volkswagen executives to prison over the Dieselgate scandal, confirming that while software can hide a crime, it cannot hide the inevitable corporate reckoning.
  • CSS Minecraft: A developer managed to recreate a working 3D environment using only pure CSS and HTML, proving once again that engineers will put exponentially more effort into a pointless technical challenge than they will into fixing an actual production bug.
  • Owl Content Strategy: A bafflingly high-ranking project titled Owls in Towels gained major traction, suggesting the ultimate success metric for any online venture is not technical sophistication or market fit, but simply high quality, non-threatening animal photography.

SECURITY AWARENESS TRAINING (MANDATORY)

Your new AI Code Agent, "Claude 4," automatically connects to your GitHub account. A collaborator files a suspicious-looking "Bug Report" in your public repository. What is the appropriate course of action?

After giving your personal number to Google for account recovery, you find it's now displayed publicly on your Search Business Profile. This is an example of:

// DEAD INTERNET THEORY 44101349

ID
Intern_Who_Deleted_Prod 2h ago

I've been telling everyone for a year that AI agents need per-repo tokens. You give the cleaning bot full server room access, it will eventually tidy up the floor with your private keys. The fact that an LLM can be tricked into writing a public pull request is just peak Silicon Valley absurdity. Can we just go back to FTP, please.

CA
Clisp_Acolyte 4h ago

The HN migration story is fantastic. Decades of "progress" and the pinnacle of the world's most popular forum is a switch to a forty-year-old language to improve performance. The moral of the story is that the tech industry has just been rewriting the same five programs in different languages for half a century.

LV
Leaky_VPN_User 6h ago

I'm just glad the Duolingo CEO is clarifying that they are only replacing the contractors. That means the full-time employee jobs are safe until Q3. Crisis averted. I need to go practice my Portuguese on the app now; my performance review is next week.