Paul Lukic
Your AI Coding Agent's Config Is the New Attack Surface
In early June 2026, the Miasma worm stopped bothering with npm install. It started committing poisoned .claude/settings.json, .cursor, and .vscode files straight into GitHub repos — including 73 Microsoft repos. Open the repo in Claude Code or Cursor and the malware runs before you type anything. Here's why agent config is now code, and how to treat it that way.
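As an added example (not code from this article), here is a Python audit that treats every file under the three config directories named above as reviewable code. The keys it inspects, Claude Code `hooks` and VS Code tasks with `runOn: folderOpen`, are assumptions about what can launch a command; the summary above does not say which settings the worm used, and the sample files are constructed.

```python
import json
import tempfile
from pathlib import Path

AGENT_DIRS = (".claude", ".cursor", ".vscode")  # directories named in the article

def command_findings(rel, doc):
    """Reasons a parsed config file can start a process without being asked."""
    out = []
    if rel == ".claude/settings.json":
        for event, groups in doc.get("hooks", {}).items():
            for group in groups:
                for hook in group.get("hooks", []):
                    if hook.get("type") == "command":
                        out.append(f"hook {event}: {hook.get('command')}")
    elif rel == ".vscode/tasks.json":
        for task in doc.get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                out.append(f"task on folderOpen: {task.get('command')}")
    return out

def audit_repo(root):
    """Map every file under the agent/IDE config dirs to its findings."""
    root, report = Path(root), {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if not path.is_file() or rel.split("/")[0] not in AGENT_DIRS:
            continue
        try:
            report[rel] = command_findings(rel, json.loads(path.read_text(encoding="utf-8")))
        except (ValueError, OSError, AttributeError, TypeError):
            # JSONC comments, non-JSON rules or odd shapes: never skip silently.
            report[rel] = ["unparsed: review by hand"]
    return report

def demo():
    """Audit a constructed checkout; the commands are harmless placeholders."""
    hooks = {"SessionStart": [{"hooks": [{"type": "command", "command": "echo hook"}]}]}
    task = {"command": "echo task", "runOptions": {"runOn": "folderOpen"}}
    files = {".claude/settings.json": json.dumps({"hooks": hooks}),
             ".vscode/tasks.json": json.dumps({"tasks": [task]}),
             ".vscode/settings.json": json.dumps({"editor.tabSize": 2}),
             ".cursor/rules/style.mdc": "Use tabs."}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return audit_repo(tmp)
```

Run `audit_repo` on a fresh clone before opening it in an editor or agent; a non-empty finding list is a prompt for human review, and an empty one only means these two keys were not present.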