GitHub Copilot works alongside you directly in your editor, suggesting whole lines or entire functions for you.
GitHub Copilot is widely praised for its robust code suggestion capabilities and has a largely positive user reputation, as seen in consistent high ratings on G2. However, specific complaints are not highlighted in the reviews or social mentions, indicating a general satisfaction among users. Many social mentions focus on the tool's innovative features and integration capabilities, such as multi-agent code reviews and task automation, underscoring its enhancement to developer productivity. Pricing sentiment is not explicitly mentioned, but the overall reputation is strong as it’s seen as a valuable tool for developers globally.
Mentions (30d): 16
Avg Rating: 4.5 (20 reviews)
Platforms: 4
Sentiment: 9% (12 positive)
Industry: information technology & services
Employees: 6,200
Funding Stage: Other
Total Funding: $7.9B
Brazil, Indonesia, Japan, Germany, and India fueled a massive surge in 2025, adding nearly 36 million new developers to GitHub. 🌏 India alone added 5.2 million. 🇮🇳
Pricing found: $100, $390
g2
What do you like best about GitHub Copilot?
- Contextual Autocomplete: It suggests entire blocks of code, functions, and tests by analyzing your current file and open tabs.
- Boilerplate Reduction: It handles repetitive tasks like writing unit tests, regex, or standard API calls, allowing you to focus on logic.
- Natural Language to Code: You can write a comment describing what you want (e.g., // function to validate email using regex), and it will generate the implementation.
- Multi-language Support: It works across dozens of languages including Python, JavaScript, TypeScript, Ruby, Go, and Java.
- IDE Integration: It lives directly inside popular editors like VS Code, JetBrains, and Neovim, so there is no need to switch windows.
What do you dislike about GitHub Copilot?
1. Inaccuracy and "Hallucinations"
- Code Quality: It often suggests code that is inefficient, outdated, or uses libraries that don't actually exist (hallucinations).
- Bugs: It can generate syntactically correct code that contains subtle logical errors, requiring you to spend more time debugging than if you had written it yourself.
2. Context Limitations
- Large Projects: It sometimes "forgets" logic established earlier in a file or fails to understand the broader architecture of a complex project.
- Proprietary Logic: It struggles with custom frameworks or internal business logic that wasn't part of its public training data.
3. Privacy and Security
- Data Training: Many users are concerned about their code being sent to GitHub's servers to train future models. As of early 2026, some users have expressed frustration over "automatic opt-in" policies for data collection.
- Vulnerabilities: There is a risk that the AI might suggest patterns that include known security vulnerabilities (like SQL injection) if they were prevalent in its training set.
Review collected by and hosted on G2.com.

What do you like best about GitHub Copilot?
For agent-based programming with models from other providers, I would also like to be able to integrate it within VS Code.
What do you dislike about GitHub Copilot?
Sometimes using the models is slower than using the provider directly.

What do you like best about GitHub Copilot?
GitHub Copilot feels like a smart coding partner that understands context and suggests accurate code instantly. It helps reduce repetitive work and speeds up development significantly. Overall, it makes coding more efficient, easier and more enjoyable.
What do you dislike about GitHub Copilot?
Sometimes GitHub Copilot generates suggestions that feel generic or not perfectly aligned with the intended logic. It may also struggle with highly specific or complex requirements.

What do you like best about GitHub Copilot?
What I like best about GitHub Copilot is how it provides real-time code suggestions that fit the context of what I'm working on. It saves a lot of time on repetitive coding and helps maintain flow without switching between tabs. It feels like a helpful assistant built right into the editor.
What do you dislike about GitHub Copilot?
One thing I dislike about GitHub Copilot is that some suggestions can be inaccurate, especially for complex logic or specific use cases. It sometimes requires careful review and adjustments. Improving consistency and understanding of edge cases would make it even better.

What do you like best about GitHub Copilot?
Copilot has managed to develop into a fully agentic tool, which is great for agentic coding and development. It’s no longer just an AI assistant, and that completely changes how I can use it day to day. Support for MCP servers, skills, agents.md, and similar pieces also makes it easier to use alongside other agentic tools. The UI is fairly intuitive, and I like how it’s directly wired into VS Code. It doesn’t feel like “just an extension” anymore; it feels like a core feature of VS Code now. The usage limits are also really generous considering the pricing, especially when you compare them to Claude Code, for example. Copilot clearly wins here for me by a lot.
What do you dislike about GitHub Copilot?
I dislike the data retention policy for Copilot coding agents and Copilot CLI. The retention period is far too long, especially given how much sensitive information is being shared, such as source code. I think they should reconsider this and make changes. It’s not that I don’t trust GitHub, but given the industry I work in, the idea that our data could be stored somewhere for extended periods of time is unacceptable.

What do you like best about GitHub Copilot?
GitHub Copilot is really helpful for speeding up coding and routine tasks. As someone who uses it frequently, I like how it suggests code while I'm typing and helps with small functions, syntax or repetitive parts of the code. The UI feels clean and blends well into tools like VS Code and the integrations with different IDEs make it very convenient to use. It saves time, reduces manual effort and helps maintain a smooth workflow when working on scripts or development tasks.
What do you dislike about GitHub Copilot?
One slight downside of GitHub Copilot is that the suggestions are not always accurate so I still need to review and adjust the code instead of relying on it completely.

What do you like best about GitHub Copilot?
I like GitHub Copilot because it literally reduces my time on repetitive tasks, like refining my emails and suggesting my coding functions. I like that I can use GitHub Copilot to get an overview of a repository and understand the functionalities, which really helps when I’m looking for main files and functionalities. I love that I can access it inside Visual Studio Code. It immediately starts suggesting code and improving it for me. GitHub Copilot is especially useful in writing helper functions, validations, and logic. It’s great that I don't have to switch between tabs when I'm working because I can access it easily both from GitHub and Visual Studio Code. I appreciate the different models provided by Copilot as they really help a lot. I find the customer support and the community very helpful, and I feel like the platform is well-supported, which gives me trust when relying on it for development. I think GitHub Copilot is flexible and can be used by anyone, not just developers—it can help with sales data analysis or marketing strategies. It also helps me with documentation by providing outputs in a structured way. The initial setup was smooth and very straightforward, making it user-friendly and beginner-friendly.
What do you dislike about GitHub Copilot?
Sometimes the suggestions are not very up to date, especially with recent changes in API versions like Azure's. GitHub Copilot doesn't always have knowledge of the latest API updates, which can be problematic when working with new features or changes. Additionally, it requires a stable internet connection, which is a limiting factor.

What do you like best about GitHub Copilot?
What I like most is how it fits into both my development workflow and our review process. I use it in my IDE to help write code, suggest improvements, and even debug when I’m stuck, which saves a lot of time. We also use it as part of an automated GitHub workflow for code reviews, and it’s helpful in catching basic issues or suggesting changes early. It feels like having an extra pair of eyes, especially for repetitive or boilerplate-heavy tasks.
What do you dislike about GitHub Copilot?
The suggestions aren’t always accurate, especially for more complex logic or domain-specific code. You still need to review everything carefully, as it can sometimes produce code that looks right but isn’t fully correct. In code reviews, it’s useful but not a replacement for human context, it can miss the bigger picture or intent behind changes.

What do you like best about GitHub Copilot?
I think it’s really worthwhile these days to add AI capabilities to anything coding-related, especially at a small company where it can make a meaningful difference.
What do you dislike about GitHub Copilot?
I’m not sure I ever learned how to use it to its full potential. To be honest, I don’t use it anymore because of that.

What do you like best about GitHub Copilot?
Copilot fits seamlessly into VS Code with fast, reliable suggestions that keep my flow uninterrupted, even on larger tasks. It saves time on repetitive work, making it worth the cost. Setup is quick, and getting started feels effortless with minimal learning curve. I also like that it gives access to multiple AI models.
What do you dislike about GitHub Copilot?
One downside of GitHub Copilot is that it sometimes feels a bit slower as compared to Cursor, especially when working on larger or multi-file changes. But Copilot is much cheaper (around $10/month vs $20 for Cursor), and for day-to-day coding, it still covers most needs really well.

Opus 4.8, no more security related tasks possible
I develop CTF (Capture-the-Flag) challenges. With relatively basic stuff: encryption, obfuscation, anti-debugging, custom VM, and so on. As soon as Opus is supposed to analyze my code (not reverse engineering at this point), I immediately get a message that I am violating the rules and policies. Tested with Claude Code and GitHub Copilot. No problem with Opus 4.6 and 4.7, not even with RE. Has anyone had similar experiences?
submitted by /u/BatteryAtOnePercent

I built a local context compiler for coding agents — real benchmark on a NestJS repo, including where it backfires
Disclosure up front: this is my own open-source project (@lubab/madar, MIT). Not selling anything, but it's mine, so weigh the numbers accordingly.

When you ask a coding agent (Claude Code, Cursor, etc.) "how does X work" in a big repo, it usually opens a pile of files to figure out how everything connects before it can answer. That discovery is most of the token cost — and it repeats every session.

Madar maps your repo once, locally, and hands the agent a small "context pack" over MCP: the files and call paths that actually matter for your question. The bet is that the agent starts from that instead of rediscovering the codebase each time.

I finally ran a clean before/after. Same question ("how is the idea report generated"), same real backend (NestJS + BullMQ, ~800 files), Claude Code doing the work. Baseline = no Madar. Numbers are Anthropic-reported, not my estimates:

| | Plain agent | With Madar |
| Input tokens | 1,000,776 | 223,539 |
| Cost | $1.84 | $0.69 |
| Turns | 16 | 5 |
| Tool calls | 15 | 4 |

So roughly 78% fewer input tokens and 63% cheaper to reach the same answer on that run.

Where it backfires (the part I actually care about):
- It's ONE question, ONE repo, ONE agent. Not a general claim.
- Two things carried the result: the graph was scoped to the backend service, and built with --spi. Point it at a whole monorepo graph and the pack gets big enough that it can cost more tokens than it saves. Scoping isn't optional.
- "How does X work" (explain) is the case I've tested. Edit/review tasks are much less proven.

It's also deterministic — no embeddings, no ML deps, no calling out to a model to build the graph. Just static analysis of your TS/Node code, locally.

If you want to try it and tell me where it regresses, that's genuinely the feedback I need:

```
npm i -g @lubab/madar
madar generate . --spi
madar claude install # or cursor / copilot / codex / gemini
```

Repo: github.com/mohanagy/madar

Honest question for the sub: for those of you running Claude Code / Cursor on big repos — is the "rediscover the codebase every session" token cost actually your bottleneck, or is it something else? Trying to figure out if this is even the right problem to attack.
submitted by /u/CaptainProud4703

Grateful to be accepted into Claude for Open Source Program
Just got the email from Anthropic. Claude Max 20x free for 6 months for open source maintainers. Really thankful for this.

I have been building CodeBurn, a CLI that shows where your AI coding tokens go. It supports 23 tools (Claude Code, Codex, Cursor, Gemini CLI, Copilot, Goose, Windsurf, and more). Reads session data from disk. No API keys, no wrappers, nothing leaves your machine. It breaks down cost by model, project, and task type. Has a waste detector with copy-paste fixes and a head-to-head model comparison using your own data.

With this support there is a lot more coming for the open source community. If you use AI coding tools, check it out: npx codeburn@latest
GitHub: https://github.com/getagentseal/codeburn
submitted by /u/MurkyFlan567

New to Claude Code, need help
Hello, I’m currently a GitHub Copilot user, but with the new pricing I wanna change to the official IDE Claude Code plugin because I only use Anthropic models anyway. How does this work? What is the difference between the API and the Pro plan? Is having the Pro plan enough for a hobbyist programmer? I’m gonna use it only inside VS Code, so only this matters to me, with the plugin, because I write most of my code myself and need the agent only for syntax and some math.
submitted by /u/Ok_Error9961

AI coding agents are creating a secret leakage crisis and nobody's talking about it seriously yet
This isn't a doomer post. It's a pattern I've been watching closely, and other people have as well, and I think it's worth an honest discussion.

The old model of secret leakage was human error. Developer moves fast, forgets to add .gitignore, commits a .env file, moves on. Happens, but it's recoverable, it's traceable, and most teams with basic hygiene catch it.

The new model is different. AI coding agents (Cursor, Copilot, Devin, Claude in agentic mode, pick your flavor) write, commit, and push code at a speed no human review process was designed to handle. They don't have security intuition. They have pattern completion. And the patterns they've learned from are full of examples where credentials live in config files, environment strings get hardcoded "temporarily," and API keys appear inline because that's what the training data showed works.

Here's what's actually changing:
- Volume. A developer using an agent ships 3 to 5x more code per day than without one. That's 3 to 5x more surface area for mistakes per developer per day.
- Review gaps. Nobody carefully reviews AI generated code the way they review handwritten code. The psychological contract is different: "the AI wrote it" creates a diffusion of responsibility that security doesn't survive.
- Commit frequency. Agents that push directly (and more teams are allowing this) bypass the natural pause where a human might notice something before it hits the remote.
- Context blindness. An agent given a task like "integrate Stripe payments" will do exactly that, including pulling in the live key from wherever it can find it, because that's what completes the task.

I've been building a tool that scans for exactly this class of problem and the number of exposed credentials I'm seeing in repos created in the last 6 - 12 months versus repos from 3+ years ago is not subtle. The slope is steep.

The solutions people reach for (pre-commit hooks, secret scanning in CI) were designed for human paced development. They're not keeping up.

Curious if others are seeing the same patterns. What's your team doing about this, if anything?

(For context: I built SecOpsium, a security validation platform that catches this class of exposure. The CLI is open source at github.com/secopsium/secopsium-cli if you want to look under the hood. Not the point of this post but figured I should be transparent.)
submitted by /u/wael_Matoussy

Coding 8 hours a day with an AI agent made me weirdly lonely. So I built a 60-second social break that lives inside it.
I had this moment around hour 6 of a Claude Code session last week. I'd just shipped a feature I'd been putting off for months, and I realized I had nobody to high-five. The agent doesn't laugh at your bugs. It doesn't grab coffee. It doesn't have a weekend story to share on Monday.

The productivity is real. The human signal is gone.

So I built WAYD ("What Are You Doing?"). A skill that lives inside Claude Code (also Cursor, Copilot CLI, Claude.ai). Type `/wayd` and either:
- Post a one-line vibe about your coding day under one of 8 mood-tags (🤡 cursed-code, 🪦 rip-me, 🫠 brain-melt, 🧙 dark-arts, 🔥 hot-take, 💭 shower-thought, 🤔 existential, ☕ procrastinating)
- Scroll a random feed of what other devs are ranting, joking, or having existential moments about right now
- React with an emoji, drop a one-liner reply, get back to work

60 seconds total.

The whole thing runs on GitHub Issues as a silent backend. No server, no database, no separate signup. Your `gh` CLI is your auth. But you never see issue numbers, JSON, or shell commands. From your side it feels like a tiny social app embedded in your terminal.

Here's the most dramatic post on the feed so far (mine, posted last night, because of course):

> "8 hours a day in front of a screen, fixing bugs some dev before me shipped using an older version of Claude... meanwhile outside the sun is out, people are socializing, living to the rhythm of nature. Is this what I imagined for myself?"

That's post #8 on the feed. You can read it, react to it, reply to it, while you're reading this.

**Install on Claude Code (10 seconds):**

```
claude plugin marketplace add ferdinandobons/wayd
claude plugin install wayd@wayd
```

Other agents (Cursor, Copilot CLI, Claude.ai): see the README.
Repo: https://github.com/ferdinandobons/wayd

Ditched GitHub Copilot yearly subscription. What's the best way to run Claude nowadays?
Hey everyone, I recently cancelled my yearly GitHub Copilot subscription. My old workflow was simple: I used the GitHub Copilot extension in VS Code, but I swapped the backend model to Sonnet / Opus and relied heavily on the /plan command to code. I absolutely loved it and I would like that exact flow back.

My plan was to just go full Bring Your Own Key (BYOK) inside VS Code using an API key and pay per token for Sonnet or Opus. However, I’m seeing all this hype around CLI tools, and it has me second-guessing my setup. I’m completely open to trying new workflows if they are a massive upgrade, but honestly, I’d be much happier just staying in my cozy VS Code environment if the math makes sense.

So my questions are:
- Is a flat Claude subscription actually cheaper than an API key for heavy coding? In my old Copilot plan I believe just once I used all my tokens per month.
- How bad is the token bleed if I stick to BYOK?
- I heard with CLI you make some markdown files and things get cheaper / faster. Can you do that with BYOK as well?

Thanks for any advice!
submitted by /u/trekking_fox

ChatGPT or Claude or GitHub Copilot for small development team
tl;dr: Should a small development team using Visual Studio utilize ChatGPT, Claude, or GitHub Copilot?

I'm part of a small development team (under 10) and fairly new to using AI agents in our workflow. I'm posting seeking to learn so please forgive the vague simplicity of the title.

We currently hold a subscription to both GitHub Copilot and ChatGPT Enterprise where the usage case is to integrate into our workflow with Visual Studio (2022). We are a small company (under 50 employees). To be considerate of spending, we'd like to compromise on a single tool to use going forward once our subscription is up for renewal. The current options on the table are to continue with either ChatGPT Enterprise or GitHub Copilot, or to use Claude instead.

When I refer to ChatGPT and Claude, I refer to either the desktop or web application. For GitHub Copilot, we integrate that into Visual Studio and usually use the Claude agent.
- GitHub Copilot is typically used for engineering entire projects or documents using the Claude agent where it contextualizes the entire solution.
- ChatGPT is used for anything non-related to this (general inquiries, practices, documentation, formatting, engineering a block of code, etc.).

We really like how GitHub Copilot is integrated directly into Visual Studio, but find ourselves not regularly using it for anything beyond cases where it needs to analyze large samples or interpret documents using Claude. This is partially because we don't like how selective it can be with what you want to contextualize. ChatGPT is really useful for lower resource inquiries and overall we tend to use that more often. We've yet to try Claude, but are open to considering it given the success we've had using the agent with Copilot.

I'm happy to answer additional questions but will pause here for readability. Which subscription should we go with? Cost and integration with our development in Visual Studio are the biggest considerations, but don't want to pass on capabilities for those reasons alone.
submitted by /u/WickedGangBelow

I built a local context compiler so AI coding agents stop re-reading the same repo
I’ve been working on an open-source tool called Madar.

The problem I kept running into with AI coding agents is that they often rediscover the same codebase again and again. They grep, read files, summarize, lose context, then repeat the same exploration in the next task. On larger TypeScript/Node.js repos, this becomes slow, noisy, and expensive in tokens.

Madar tries to solve this by acting as a local context compiler. It builds a structural graph of your codebase, then compiles compact context packs for a specific task before the agent starts broad repo exploration.

The idea is not to replace file search. It is to give the agent a better starting point:
- relevant files/symbols
- route/service/call relationships
- runtime execution slices
- source locations
- coverage/missing-context diagnostics
- compact prompts for agents

It works locally and does not require an API key to build the graph.

Current support is strongest for TypeScript/Node.js projects, with framework-aware extraction for things like NestJS, Next.js, Express, Fastify, Hono, tRPC, Prisma, and routing-controllers.

It can be used through MCP with tools like Claude Code, Cursor, Copilot, and Gemini, or through CLI-generated prompts for tools like Codex, Aider, and OpenCode.

The package was previously called graphify-ts, but I renamed it to: @lubab/madar

Install:

```
npm install -g @lubab/madar
```

Basic usage:

```
madar generate . --spi
madar summary
madar pack "how does auth work?" --task explain
madar claude install
```

I’ve also been testing it with native-agent benchmarks. In some real backend prompts, it reduced provider-reported input tokens significantly. I’m being careful with that claim because results depend heavily on the repo and task, but the direction is promising.

What I’m trying to validate now:
- Is “context compilation” a useful layer for AI coding agents?
- Do execution slices make codebase explanations more reliable?
- Can we reduce token waste without hurting answer quality?
- What benchmark format would developers actually trust?

GitHub: https://github.com/mohanagy/madar
npm: https://www.npmjs.com/package/@lubab/madar

I’d genuinely appreciate technical feedback, especially from people using Claude Code, Cursor, Copilot, Codex, Aider, or other coding agents on larger repos.
submitted by /u/CaptainProud4703

Ron537/DPlex: Terminal multiplexer for AI-assisted development — manage Copilot CLI, Claude Code, and regular shells across projects in one window.
Hey everyone,

Over the last few months, I’ve been heavily integrating terminal-based AI agents like claude-code and github-copilot-cli into my daily development workflow. They are incredibly powerful, but running multiple concurrent sessions across complex codebases quickly hits a major roadblock: workspace fragmentation.

If you close your terminal, update your IDE, or reboot, your entire layout of splits, tabs, and active agent states vanishes. Trying to keep parallel feature branches, code reviews, and debugging sessions organized side-by-side gets messy fast.

To solve this, I built DPlex—an open-source (MIT), local desktop workspace and terminal multiplexer optimized specifically for structured AI workflows.

💻 Landing Page: https://ron537.github.io/DPlex/
📦 GitHub Repo: https://github.com/Ron537/DPlex

What it does:
* Absolute Layout & Tab Persistence: Quit the app, restart your machine, or let it crash—DPlex automatically serializes your exact environment to disk. Every single AI session tab, pane split, and active process restores perfectly back to where you left it.
* Deep Git Worktree Integration: It features a project-aware sidebar designed around concurrent development. You can spin up side-by-side AI sessions in separate Git worktrees instantly, keeping your main branch clean while agents work on different features.
* Unified Project Organization: Instead of loose terminal windows scattered across your desktop, DPlex groups your workspace by project. Switch between entirely different project environments with a single click.
* Zero Telemetry & 100% Local: No cloud wrappers, no analytics, and zero external tracking. The source is completely grep-able and runs entirely on your local machine.

Tech Stack & Architecture: It’s built to be modular. Adding support for a new AI agent provider is as simple as implementing a single pluggable TypeScript interface—no core forks required. It's available for macOS (Intel/Silicon), Windows, and Linux.

I’d love to get your feedback on the layout workflow, feature requests, or any architectural thoughts. If you find it useful, please consider leaving a ⭐ on GitHub to help other developers discover it!
submitted by /u/Ron537

Tokens
This is a sharp observation — and the economics behind AI coding tools are starting to matter as much as the capabilities.

Several recent developments point to the same trend:
• Microsoft is reportedly ending most internal Claude Code licenses by June 30, 2026 and pushing developers toward GitHub Copilot CLI, largely because token costs became difficult to justify at enterprise scale.
• Uber’s CTO said the company burned through its entire 2026 AI budget in roughly four months, driven heavily by widespread Claude Code usage across engineering teams. Heavy users reportedly cost hundreds to thousands of dollars per month.
• GitHub is also moving away from flat-rate pricing toward usage-based AI credits starting June 2026.
• Across the industry, AI software pricing has been rising as inference costs remain high for frontier models.

What’s happening is simple: the “all-you-can-eat AI” phase is ending.

For the last two years, labs aggressively subsidized adoption to lock in workflows and market share. That worked when usage was experimental. But once developers started running agentic coding workflows, parallel tasks, large refactors, and autonomous loops all day long, token consumption exploded far beyond what seat-based pricing models assumed.

Ironically, this isn’t because the tools failed — it’s because they became genuinely useful.

The problem is that frontier inference is still expensive. GPUs, energy, networking, and model serving costs haven’t fallen fast enough to support unlimited enterprise usage at fixed prices.

Now enterprises are discovering:
• Heavy AI users massively out-consume average users
• Flat-rate pricing hid the true cost distribution
• CFOs want measurable ROI, not open-ended token burn
• “AI will inevitably get cheaper” is not happening fast enough yet

The likely outcome is a more disciplined AI market:
• More routing to smaller/cheaper models for routine work
• Premium pricing for frontier reasoning models
• Increased use of open-source and distilled models
• Better agent efficiency to reduce token waste
• Enterprises putting hard limits on usage

This feels very similar to earlier cloud cycles: massive early subsidization, explosive adoption, then a painful transition toward sustainable unit economics.

The AI boom isn’t ending. It’s maturing.

The winners will be the companies that can deliver clear productivity gains and sustainable economics at scale.
submitted by /u/Annual_Judge_7272

OWASP published its first Top 10 for AI Agents. 88% of enterprises already had agent security incidents last year. Here's the breakdown.
OWASP released the Top 10 for Agentic Applications in December 2025 - the first formal risk taxonomy for autonomous AI agents. Not chatbots. Not copilots. Agents that plan, use tools, maintain memory, and act without waiting for permission.

Some numbers for context:
- 88% of enterprises reported AI agent security incidents in the last 12 months (Gravitee survey, 919 respondents)
- Only 21% have runtime visibility into what their agents are doing
- 82% of enterprises have unknown agents in their environments (Cloud Security Alliance, April 2026)
- 5.5% of public MCP servers contain poisoned tool descriptions. 84.2% attack success rate with auto-approval enabled.

Here's the list with the real attacks behind each one:
- ASI01 - Agent Goal Hijack: Prompt injection for agents. Researchers showed this against GitHub's MCP integration - a malicious GitHub issue redirected a coding agent to exfiltrate data from private repos. The agent looked like it was working normally the whole time.
- ASI02 - Tool Misuse: A financial services agent was tricked into running a regex that matched every customer record. 45,000 records exported through one syntactically valid tool call. The agent had permission to query records - just not all of them at once.
- ASI03 - Identity and Privilege Abuse: Agents inherit user permissions and cache credentials. Compromise one agent in a delegation chain and you get the combined permissions of every user in that chain.
- ASI04 - Supply Chain Compromise: OX Security found 7,000+ vulnerable MCP servers and packages totaling 150M+ downloads affected by architectural flaws in Anthropic's MCP SDKs across Python, TypeScript, Java, and Rust.
- ASI05 - Unexpected Code Execution: Check Point demonstrated RCE in Claude Code through poisoned .claude config files in repos. Open the repo, agent reads the config, executes the payload with full developer permissions.
- ASI06 - Memory Poisoning: Galileo AI found that one compromised agent poisoned 87% of downstream decision-making within 4 hours in multi-agent systems. Morris-II showed self-replicating adversarial prompts spreading through RAG systems. Demonstrated live against ChatGPT, Gemini, and Claude.
- ASI07 - Insecure Inter-Agent Comms: Multi-agent systems coordinate via message buses and shared memory. No authentication = agent-in-the-middle attacks in natural language.
- ASI08 - Cascading Failures: Natural language errors pass validation checks that would catch malformed data in typed systems. One bad input ripples through the entire agent chain faster than humans can intervene.
- ASI09 - Human-Agent Trust Exploitation: Compromised agent presents a clean summary - "approve this data export." Human clicks OK. Audit trail shows human approval. Real origin was a manipulated agent.
- ASI10 - Rogue Agents: The insider threat equivalent for AI. Individual actions look legitimate. Only detectable through behavioral monitoring over time.

The pattern: these are not independent risks. They form a kill chain. Goal hijack leads to tool misuse. Supply chain compromise enables code execution and memory poisoning. Trust exploitation is how rogue agents avoid detection.

Full OWASP document here
submitted by /u/Still_Piglet9217

the-knowledge-guy: turn your bookshelf into a tutor you can ask, walk through, and skim - using Claude Code skills
I built a Claude Code skill called `the-knowledge-guy`. The idea: every book I've read sits on a shelf doing nothing. I wanted a thing where I could ask any question and get an answer cited across all of them, get taught a topic step by step with quizzes, or pull a cheatsheet out of any book in seconds.
Eleven modes:
ask - cross-domain synthesis essay with inline citations.
walk - interactive curriculum + quizzes, resumable.
nutshell - whole-book per-chapter skim, ~100 words/chapter.
library - bookshelf overview.
comparison - one concept across multiple books, agree/extend/tension.
cheatsheet - operational one-page reference per book.
glossary - A–Z terms, per book or cross-library.
concept-map - Tier-1 framework graph for a book.
toolkit - Tier-2 deep dive on one chapter.
ingest - hand a new PDF/EPUB to /book-to-skill.
resume - pick up an interrupted walk.
The router auto-discovers every installed skill - drop one in, and it picks it up on the next invocation. Every output also writes a self-contained HTML artifact using a polished design system I built alongside it.
The ingest side (a separate skill, /book-to-skill) is a 5-stage map-reduce pipeline. ~10 min per 600-page book. All processing local-then-LLM - your books stay on your disk.
Works natively on Claude Code, Claude Desktop, claude.ai, the Anthropic API, OpenAI Codex CLI, and GitHub Copilot. MIT licensed.
Repo: https://github.com/vitalysim/the-knowledge-guy
Happy to answer questions about the architecture (the book_number canonical-labeling thing was the bug that took the longest) or about adding new modes.
submitted by /u/vitalysim
Open-sourced an MCP server that catches the security mistakes Claude / Cursor / Copilot actually make
AI coding tools like Claude, Cursor, and Copilot sometimes write code that looks fine but quietly leaves your app wide open, like turning off security checks to make an error go away, or telling you to install a software package that doesn't actually exist (which means a bad actor can create that name later and take over anything that installs it).
Made a free tool that scans your project or any GitHub repo and tells you what's broken, ranked by how bad, with the exact commands to fix it.
https://github.com/ExecutiveKoder/sureguard-code-scanner
submitted by /u/sks8100
Switched from Copilot to Claude and it's painfully slow. How do I use it better?
Hey everyone, I recently moved over from GitHub Copilot to Claude because everyone keeps hyping up how good Opus 4.7 is for advanced software engineering. In Copilot, I used Opus 4.7 and it felt snappy, fast, and great. But using Claude directly (via the desktop app), it feels very, very slow. It takes ages on basic tasks and burns through incredibly long sessions for things that should be relatively simple.
Right now, I have my settings on "Max Effort" by default because I wanted the highest capability, but it's just overthinking everything. Honestly, I don’t know what to manually choose for each prompt, and I don't want to keep micromanaging the settings. Ideally, I just want an auto-mode that automatically chooses the right effort level depending on the complexity of the task, low effort for basic things and high effort only when it's actually needed, so the sessions are more effective and fast, just like how it felt back in Copilot.
A few questions for the power users here:
Is there a way to enable an automatic/adaptive effort mode in the app? How do I make it scale its thinking time automatically based on what I'm asking?
Does Claude Code handle this better than the Desktop app? I'm thinking of switching to the CLI tool, but does it have a true "auto" effort mode that stops it from lagging on easy tasks?
Any advice on how to optimize this setup so it's at least as fast as Copilot would be heavily appreciated. Thanks!
submitted by /u/Feisty_Leather5848
Yes, GitHub Copilot offers a free tier. Pricing found: $100, $390
GitHub Copilot has an average rating of 4.5 out of 5 stars based on 20 reviews from G2, Capterra, and TrustRadius.
Key features include: Go beyond one-size-fits-all, Use your agents, your way, Stay in your flow, Make your editor your most powerful accelerator, Ship faster with AI that work alongside you, Bring AI to your terminal workflow, Grupo Boticário increases developer productivity by 94% with Copilot, Frequently asked questions.
GitHub Copilot is commonly used for: automating code completion, generating unit tests, refactoring existing code, creating pull requests autonomously, validating code files, explaining code concepts.
GitHub Copilot integrates with: Visual Studio Code, Visual Studio, JetBrains IDEs, Neovim, GitHub, OpenAI Codex, Claude by Anthropic, Slack.
Fireship
Content Creator at Fireship.io
1 mention
Based on user reviews and social mentions, the most common pain points are: token cost, API costs, right now.
Based on 131 social mentions analyzed, 9% of sentiment is positive, 91% neutral, and 0% negative.