3,800 GitHub Repos Breached via Malicious VSCode Extension, Audit Your Extensions Now
VSCode extension breach hits 3,800 repos, OpenAI disproves math conjecture, Understand-Anything goes viral, and OpenAI files for IPO.
Good morning! Welcome to Builder's Briefing for May 22nd, 2026. I'm Alex, joined as always by Sam. We've got a big security story today — nearly four thousand GitHub repos breached through a malicious VSCode extension — plus OpenAI doing actual math, their IPO filing, and a wave of new dev tools worth knowing about.
Yeah, that VSCode story stopped me cold this morning. Let's get into it.
Alright, the hero story. GitHub has confirmed that thirty-eight hundred repositories were compromised through a trojanized Visual Studio Code extension. The attack was painfully simple — a malicious extension in the marketplace harvested credentials and injected code directly into repos.
And here's what makes this so much worse than a typical supply chain attack. If you're running any AI coding agent — Claude Code, Copilot, Cursor — inside VSCode, those extensions have deep access to your filesystem, your terminal, your git credentials. A compromised extension in that workflow doesn't just steal your code, it potentially poisons every AI-assisted commit.
Exactly. We spent years hardening npm, PyPI, container registries — and now the IDE extension marketplace is the soft underbelly. So here's your action item: audit your installed extensions today. Remove anything you're not actively using. Check publisher verification on everything you keep.
And if you're running a team, enforce an allowlist of approved extensions through your MDM or settings sync. For CI/CD pipelines touching dev containers, review your Dockerfiles — hardcoded extension IDs without version pinning are a supply chain risk. Treat your extension list like your dependency lockfile.
Well said. Alright, shifting to AI news — this one's wild. An OpenAI model generated a valid counterexample that disproves a long-standing conjecture in discrete geometry. Not assisting a mathematician — actually producing novel mathematical proof.
That's a huge deal because it's concrete evidence of creative mathematical reasoning, not just pattern matching. The Hacker News thread has like seven hundred and fifty comments debating the methodology. If you're building AI-assisted research or formal verification tools, this is the kind of result that changes your roadmap.
Also on the infrastructure side, Anthropic is scaling to xAI's Colossus2 cluster with NVIDIA GB200 GPUs. If you're building on Claude's API, capacity constraints should loosen and latency should improve in the coming months.
Oh, and there's a fun one — a developer indexed a full year of video content locally using Gemma 4 31B on a 2021 MacBook with fifty gigs of swap. If you're building local-first media search, that's a real practical benchmark for what's possible without cloud inference today.
Love that. Okay, dev tools — there's a clear theme emerging here. First up, Understand-Anything. It's an open-source tool that converts codebases into interactive knowledge graphs you can query with natural language. Works with Claude Code, Codex, Cursor, Copilot, Gemini CLI — over forty-two hundred engagements already.
Right, and what's interesting is when you pair that with two other launches today. Microsoft shipped dotnet-skills, which gives AI coding agents structured knowledge about .NET patterns to reduce hallucinated API calls. And there's ccusage, a CLI tool that tracks your AI coding agent token costs locally.
So you've got understand, govern, and observe — all in one day. The AI coding ecosystem is clearly maturing past just 'generate code' into something much more structured.
Totally. And quick shoutout to Python 3.15 having some under-the-radar improvements worth checking if you maintain libraries, and GCC 16 shipping SARIF output — which means you can pipe compiler warnings directly into GitHub Code Scanning. Link in the briefing for both.
Alright, startups. The big one — OpenAI is expected to file its S-1 confidentially, possibly today. This is the IPO filing.
And for builders on the OpenAI API, here's the practical angle: an IPO means pressure to grow revenue, which historically means pricing changes and enterprise feature gates. If you're happy with your current pricing tier, lock it in and start tracking your usage closely.
Meanwhile, Intuit laid off over three thousand people to, quote, refocus on AI. The subtext is clear — large incumbents are restructuring entire product orgs around AI-native workflows. If you're building in fintech or accounting SaaS, the competitive landscape is about to shift hard.
Yeah, when Intuit ships aggressively with AI, that's a different kind of competitor than the Intuit we've known.
Quick hits before we wrap. Flipper One was announced — full specs published, and they're asking the community for help building Linux kernel drivers. If you do embedded work, the call is out. Google's testing new ad formats in Search, which is another squeeze on organic click-through rates — worth reading the Hacker News thread on SEO impact. And Waymo paused its Atlanta service after robotaxis kept driving into flooded roads.
That Waymo one is a real-world reminder for anyone building autonomous or agent systems — edge cases in physical environments will humble your model every time. Invest in graceful degradation.
Also, there's a FreeBSD local privilege escalation in fourteen-dot-x kernels. If you're running FreeBSD in production, especially for network appliances or storage, patch immediately. Details at the link in the briefing.
So the takeaway for today — your IDE is now a supply chain attack surface. Audit your VSCode extensions the way you audit your dependencies, especially with AI agents that trust extensions with broad access. And the bigger trend: the AI coding agent ecosystem is maturing into understand, observe, and govern — not just generate. If you're building developer tools, the opportunity is in that observability and control layer around agents.
The agents are getting powerful enough that the next wave of value is in managing them responsibly. That's the story of 2026 so far.
Well put. That's your Builder's Briefing for May 22nd. Go audit those extensions, and we'll see you tomorrow.
Stay safe out there. See you next time.
3,800 GitHub Repos Breached via Malicious VSCode Extension — Audit Your Extensions Now
GitHub has confirmed that 3,800 repositories were compromised through a malicious Visual Studio Code extension. The attack vector is painfully simple: a trojanized extension in the VSCode marketplace harvested credentials and injected code into repos. If you're running any coding agent — Claude Code, Copilot, Cursor — inside VSCode, your attack surface just got a lot wider. Extensions have deep access to your filesystem, terminal, and git credentials. A compromised extension in an agent-augmented workflow doesn't just steal your code; it potentially poisons every AI-assisted commit.
What to do right now: audit your installed VSCode extensions. Remove anything you don't actively use. Check the publisher verification status of every extension you keep. If you're running a team, enforce an allowlist of approved extensions via your MDM or settings sync policy. For CI/CD pipelines that touch VSCode dev containers, review your Dockerfile extension installs — hardcoded extension IDs without version pinning are a supply chain risk.
This signals a shift in where supply chain attacks land. We spent years hardening npm, PyPI, and container registries. The IDE extension marketplace is now the soft underbelly, especially as AI coding agents make extensions more powerful and more trusted. Expect Microsoft to tighten marketplace review, but don't wait — treat your extension list like your dependency lockfile.
OpenAI Model Disproves a Central Conjecture in Discrete Geometry
An OpenAI model generated a valid counterexample to a long-standing conjecture in discrete geometry — not just assisting a mathematician, but producing novel mathematical proof. If you're building AI-assisted research or formal verification tools, this is concrete evidence that frontier models can do creative mathematical reasoning, not just pattern matching. The 747-comment HN thread is worth skimming for the methodology debate.
Anthropic Expands to Colossus2 with GB200 GPUs
Anthropic is scaling to xAI's Colossus2 cluster using NVIDIA GB200s. For builders on Claude's API, this means capacity constraints should loosen and latency should improve in coming months — plan your scaling assumptions accordingly.
Index a Year of Video Locally with Gemma4-31B on a 2021 MacBook
A developer indexed 12 months of video content locally using Gemma4-31B with 50GB of swap on a 2021 MacBook. If you're building local-first media search or on-device video understanding, this is a practical benchmark for what's possible without cloud inference today.
How Fast Is N Tokens per Second, Really?
An interactive tool that maps tokens/second to real-world reading and generation speed. Useful for benchmarking your LLM deployment — helps you set concrete latency targets your users will actually notice.
Understand-Anything: Turn Code into Interactive Knowledge Graphs
This open-source tool converts codebases into explorable, searchable knowledge graphs you can query with natural language. Works with Claude Code, Codex, Cursor, Copilot, and Gemini CLI. If you're onboarding onto a large unfamiliar codebase or building internal dev tooling, this is worth trying today — 4,200+ engagements suggest it's hitting a nerve.
Microsoft Ships .NET Skills for AI Coding Agents
The official dotnet/skills repo gives AI coding agents structured knowledge about .NET and C# patterns. If you're building with .NET and using AI agents for code generation, plugging these skills in should meaningfully reduce hallucinated API calls and outdated patterns.
ccusage: Track Your AI Coding Agent Token Costs Locally
A CLI tool that analyzes token usage and costs for coding agents from local data. If you're running Claude Code or similar agents and your bill is a mystery, this gives you the observability layer you're missing.
Python 3.15: The Features That Didn't Make Headlines
Beyond the marquee features, Python 3.15 brings subtle improvements worth knowing — especially if you're maintaining libraries or building tools that target multiple Python versions. Check the blog post for what you need to update.
GCC 16: Better Error Messages and SARIF Output
GCC 16 ships improved diagnostics and SARIF (Static Analysis Results Interchange Format) output. If you're building static analysis pipelines or CI tooling for C/C++, SARIF support means you can pipe GCC warnings directly into GitHub Code Scanning or similar dashboards.
FatGid: FreeBSD 14.x Kernel Local Privilege Escalation
A new local privilege escalation vulnerability in FreeBSD 14.x kernels. If you're running FreeBSD in production (especially for network appliances or storage), patch immediately. Details at fatgid.io.
OpenAI to Confidentially File for IPO as Soon as Today
OpenAI is expected to file its S-1 confidentially, possibly today. For builders on the OpenAI API: an IPO means pressure to grow revenue, which historically means pricing changes and enterprise feature gates. Lock in your current pricing tiers and start tracking usage closely.
Intuit Lays Off 3,000+ to 'Refocus on AI'
Intuit is cutting over 3,000 roles to redirect spend toward AI. The subtext: large incumbents are restructuring entire product orgs around AI-native workflows. If you're building in fintech/accounting SaaS, the competitive landscape is about to shift as Intuit ships aggressively.
Flipper One Announced — Needs Community Help for Linux Drivers
Flipper is launching Flipper One with full tech specs published, but they're asking the community for help building Linux kernel drivers. If you do embedded/hardware work and want to contribute to a high-profile open hardware project, the specs are live and the call is out.
Presenton: Open-Source AI Presentation Generator and API
An open-source alternative to Gamma and Beautiful.ai with an API. If you're building internal tools or content pipelines that need programmatic slide generation, this gives you a self-hostable option you can customize.
Vivaldi 8.0 Released
Vivaldi ships a major desktop update. Relevant if you're testing web apps across browsers — Vivaldi's Chromium base means it's another data point for your Blink compatibility matrix.
Google Testing New Ad Formats in Search — Builders Beware
Google is expanding ad formats in Search results and piloting Direct Offers. If your product depends on organic search traffic, this is another squeeze on click-through rates. 404 HN comments worth reading for the SEO impact analysis. Consider diversifying your acquisition channels.
Waymo Pauses Atlanta Service — Robotaxis Can't Handle Floods
Waymo pulled its Atlanta service after robotaxis repeatedly drove into flooded roads. A real-world reminder for anyone building autonomous or agent systems: edge cases in physical environments will humble your model. Invest in graceful degradation.
The VSCode extension breach is today's clearest action item: your IDE is now a supply chain attack surface, especially with AI agents that trust extensions with broad filesystem and credential access. Audit your extensions the way you audit your dependencies. Beyond security, the tooling trend is unmissable — Understand-Anything, dotnet/skills, ccusage all point to the same thing: the AI coding agent ecosystem is maturing past 'generate code' into 'understand, observe, and govern code.' If you're building developer tools, the opportunity is in the observability and control layer around agents, not just the agents themselves.