GitHub's internal git infrastructure had been on Wiz Research's radar for two years. They never seriously went after it.

Reverse-engineering compiled binaries at GitHub's scale was, in their own words, "too costly." Months of manual labor for a bug that may or may not exist. The math didn't work. So nobody did it.

Then in early March, Wiz pointed Claude Code and an AI-augmented reverse engineering toolchain called IDA MCP at the same problem.

Forty-eight hours later, they had a working exploit.

A single git push command — using nothing but a standard git client — could execute arbitrary code on GitHub's backend servers. Full read/write access to private repositories. The flaw was assigned CVE-2026-3854 with a CVSS score of 8.7.

TLDR: Wiz used AI to find a critical bug in GitHub's closed-source git infrastructure that no security team was ever going to find by hand. GitHub patched github.com in under two hours and called it one of the largest bug bounties in their history. Every developer's threat model just expanded.

The Class of Bugs Just Got Bigger

There has always been a quiet category of software vulnerability that nobody was going to find: bugs in closed-source code where reverse-engineering the binaries by hand costs more than any defender or bounty hunter can justify.

That category just shrank to almost nothing.

Wiz used Claude Code paired with IDA MCP to reconstruct GitHub's internal X-Stat protocol, find the injection point in how user-supplied push options were parsed, and chain three separate exploits together to break out of GitHub's sandbox. Two years of "not worth attempting," done in under 48 hours of AI-assisted analysis.

GitHub validated the report, deployed a fix to github.com within two hours, and confirmed via telemetry that no one else had exploited the bug. CISO Alexis Wales called the finding rare enough to earn one of the highest rewards in GitHub's bug bounty history.

The good guys got there first. This time.

Why Every SaaS Vendor Should Be Sweating

Every business app you pay for runs on closed-source code. Salesforce, Slack, HubSpot, Stripe — all of them rely partly on the assumption that attackers can't easily probe their internals.

That assumption now has an expiration date.

The same tooling Wiz used is what Anthropic itself used to find more than 500 high-severity vulnerabilities in open-source software earlier this year. Claude Code, IDA MCP, and the agentic security workflows around them are available to anyone with an API key, defenders and attackers alike.

Two practical things flow from this.

First: patch fast. 88% of GitHub Enterprise Server instances were still unpatched at the time of disclosure. The window between "vulnerability found" and "vulnerability exploited" is collapsing toward zero.

Second: the security questions you ask vendors are stale. "How do you handle penetration testing?" used to mean an annual audit. It now needs to mean: how often, with what AI tooling, and how fast can you patch?

The Prompt (Copy This)

Most readers aren't security engineers. But every reader uses tools that someone, somewhere, is now probing with AI. This prompt builds a 5-minute personal threat model — specific to your role, your stack, and your actual exposure.

I want a personal AI-assisted threat model for my work — not a generic security article.

Before you answer, ask me these one at a time and wait for my reply each time:
1. What's my role and what does my team do?
2. How many people work at my company? (rough range is fine)
3. What industry are we in?
4. What are the top 3-5 SaaS or AI tools I use daily? (e.g., GitHub, ChatGPT, Salesforce, Stripe)
5. Do I have any admin or IT responsibility, even informally?

Once I've answered, give me:

A) The top 3 AI-assisted attack vectors most likely to target someone in my exact situation. Be specific to my tools and industry — not generic "phishing" advice.

B) One realistic 30-second scenario showing how an AI-augmented attacker would actually try to compromise me or my company. Walk me through it step-by-step.

C) The single most important question I should ask my IT team or vendor this week, in a sentence I can paste directly into Slack or email.

D) The one thing I personally can change today — under 5 minutes of work — that meaningfully reduces my exposure.

Be specific, skip generic advice, and tell me if my situation is unusually high-risk or unusually low-risk.

Prompt Proof Table

Same prompt, four very different readers. The output should look nothing alike — that's the whole point.

Reader Profile: Solo SaaS founder (1 person · uses GitHub, Stripe, Vercel, ChatGPT)
Top Attack Vector: AI-assisted supply chain attack — attacker uses Claude Code to find a flaw in a small npm package you depend on, hijacks the maintainer, ships malicious code that exfiltrates your .env secrets on next install.
5-Minute Action: Rotate any API keys (Stripe, OpenAI, Vercel) that have lived in .env or repo history for 90+ days.
Exposure: HIGH

Reader Profile: Marketing manager (200-person B2B SaaS · uses HubSpot, Canva, Slack, ChatGPT)
Top Attack Vector: AI-generated executive impersonation — attacker scrapes your LinkedIn + recent product launch, generates a perfectly tailored "review the partner deck" email from your CMO with a credential-harvesting link.
5-Minute Action: Turn on hardware-key or app-based 2FA on your HubSpot, Canva, and Slack accounts. Verify your CMO's voice on any payment or login request.
Exposure: MEDIUM

Reader Profile: IT director (5,000-person financial services · uses GitHub Enterprise, Okta, AWS)
Top Attack Vector: Compromised AI coding assistant in CI/CD — a developer installs a hijacked Cursor or VS Code plugin that silently uses their credentials to push malicious code through automated builds.
5-Minute Action: Confirm GHES is patched to 3.19.3+ and audit which admins have custom_hooks_dir permissions or AI plugins installed.
Exposure: CRITICAL

Reader Profile: Solo dental practice owner (8 people · uses patient portal SaaS, QuickBooks, Office 365)
Top Attack Vector: AI-augmented credential stuffing — staff email password leaked in an unrelated breach gets tested against your patient portal, QuickBooks, and bank login in 30 seconds by an automated agent.
5-Minute Action: Force-rotate all staff passwords and enable MFA on the patient portal admin account. No exceptions for the front desk.
Exposure: HIGH

Same prompt. YOUR situation. Try it.

How many bugs are sitting in the closed-source code you depend on right now — bugs nobody was ever going to find?

About This Newsletter

AI Super Simplified is where busy professionals learn to use artificial intelligence without the noise, hype, or tech-speak. Each issue unpacks one powerful idea and turns it into something you can put to work right away.

From smarter marketing to faster workflows, we show real ways to save hours, boost results, and make AI a genuine edge — not another buzzword.

Get every new issue at AISuperSimplified.com — free, fast, and focused on what actually moves the needle.
