Coding agents, key rotation, tool updates #28

Today's Letter

  1. CISA, leaked GovCloud keys still being rotated
  2. OpenAI named a Leader in Gartner coding agents report
  3. Reasonix, DeepSeek-native terminal coding agent posted

CISA, leaked GovCloud keys still being rotated

  • KrebsOnSecurity reported that a CISA contractor exposed AWS GovCloud keys and other internal secrets on a public GitHub account.
  • The public profile was named "Private-CISA" and reportedly contained plaintext credentials for dozens of internal CISA systems.
  • Commit history reviewed by outside experts indicated GitHub secret-scanning protections had been disabled on the repository.
  • Review of the archive suggests the repository was created in November 2025 and used as a scratchpad rather than a managed project repo.
  • More than a week after GitGuardian alerted CISA, the agency was still rotating and invalidating exposed credentials.
  • Truffle Security said an exposed RSA private key could have allowed access to a CISA-owned GitHub app with broad access across the CISA-IT organization.
  • That key was reportedly invalidated after a May 20 notification, but other leaked credentials tied to security tooling had not all been rotated.
  • CISA said it was coordinating with vendors and affected parties, and said it had no indication sensitive data was compromised as a result of the incident.
  • Members of both houses of Congress sent letters demanding answers on CISA's internal controls, contractor oversight, and breach response.

Source: krebsonsecurity.com
More: news.hada.io · usaherald.com · thecyberwire.com


OpenAI named a Leader in Gartner coding agents report

  • OpenAI said Gartner named it a Leader in the 2026 Magic Quadrant for Enterprise AI Coding Agents.
  • The company said Codex is used by more than 4 million people each week.
  • OpenAI linked the result to recent Codex updates including GPT-5.5, faster performance, and stronger tool use.
  • Gartner highlighted product surface across the Codex app, IDE extensions, CLI, SDKs, and cloud orchestration.
  • OpenAI also pointed to enterprise controls including approval gates, RBAC, custom policies, and OS-level sandboxing.
  • Recent enterprise updates named by OpenAI include Codex Security, GPT-5.5-Cyber, mobile support, and Remote SSH.
  • OpenAI said eligible enterprise accounts can request two months of free Codex usage for new users until June 12.

Source: openai.com
More: news.hada.io · macworld.com · developers.openai.com


Reasonix, DeepSeek-native terminal coding agent posted

  • According to the project page dated 2026-05-25, Reasonix v0.50.0 is presented as an open-source coding agent built specifically for the DeepSeek API.
  • The project claims an append-only prompt loop designed for DeepSeek prefix caching, with 90%+ long-session cache hit rates, a reported 94% cache hit figure, and about 2.5× lower cost.
  • The page says no global install is required, with Node 22+ support on macOS, Linux, and Windows, and first-run setup based on a DeepSeek API key.
  • The feature set listed on the page includes a terminal-first TUI, V4-Flash default mode with optional V4-Pro escalation, MCP server mounting, launch-directory sandboxing, and Markdown-based skills.
  • The published page lists MIT licensing, 2,837 tests, replay and event logging, and a roadmap covering project scaffolding, cross-device sync, plugin compatibility, and multi-agent collaboration.

Source: esengine.github.io
More: news.hada.io · github.com


Jocoletter curates AI, software, and product trends for developers and builders.
