AITodayYour daily AI briefing

AI Coding Assistants

Jul 11, 2026

AI Coding Assistants

The Gist

AI coding assistants are creating new security vulnerabilities through "slopsquatting" attacks in software supply chains, while adoption of major tools like Microsoft's Copilot remains surprisingly low with only 1% of users actively engaging weekly. Meanwhile, new AI agents are becoming more accessible—such as Claude through Telegram integration—though concerns are growing about privacy implications and the widening gap between those with access to advanced AI tools and those without.

Today's Stories

  1. 1

    AI coding assistants spawn new supply chain threat: slopsquatting

    Slopsquatting is a new supply chain attack that exploits AI language model hallucinations to inject malicious code into development workflows. Attackers register fictitious package names that AI coding assistants generate, then populate them with malicious code, allowing cybercriminals to gain access to software from the outset. As developers increasingly rely on AI coding assistants, they unknowingly grant cybercriminals access to their software from day one. The attack works because AI models tend to generate fake open-source packages, which attackers can then weaponize—a threat developers may not recognize since they trust the AI-generated suggestion.

    This attack vector combines two deceptive practices: AI hallucinations (fictitious software names) and typosquatting logic (exploiting developer trust). Organizations using AI-assisted coding should be aware that the threat originates at the earliest development stage, before code review or testing.

  2. 2

    Hasharot lets you control Claude AI agent from Telegram on your machine

    Hasharot is a new open-source tool that bridges Telegram messaging to a Claude Code agent running locally on your computer, enabling you to send commands via Telegram and have Claude read files, run bash commands, write code, browse the web, and speak responses back — all without code or secrets leaving your machine. For developers and teams, this means offloading coding tasks to an AI agent while keeping full control: you work from your phone, the agent runs on your own hardware, and multiple team members can access it with per-user sandboxing and approval controls. Voice transcription and text-to-speech make it accessible without typing.

    The tool includes integrations with Reddit, Medium, YouTube, and project management tools, plus a multi-user access-control layer with owner approvals for destructive commands — useful for teams sharing a single agent instance across parallel projects.

  3. 3

    AI agent research reveals Wikipedia pages cost 68,000 tokens to fetch

    A developer measured token costs for AI agents fetching web pages and found an average Wikipedia article consumes 68,240 tokens of raw HTML, while Nike's homepage costs 353,000 tokens. Claude Code's built-in web fetch summarizes Wikipedia to about 950 tokens but fails on JavaScript-rendered sites like quotes.toscrape.com/js and returns 403 errors on others like nike.com. Web fetching is core to how AI agents research and complete tasks, but current methods are inefficient and fragile. High token costs directly affect API expenses and agent performance; failures on JavaScript-heavy or anti-bot pages force agents to fall back to raw HTML or stale training data, degrading answer quality. Understanding these constraints helps teams optimize agent design and cost.

    The developer has built an open-source stealth browser (recompiled Chromium) that runs as an MCP (a plugin layer for Claude Code, Cursor, and Claude Desktop) to deliver cleaned-up, lower-token content. The tool is open-source and requires only adding the MCP to change behavior.

  4. 4

    Microsoft's Copilot adoption stalls: just 1% of 365 users actively engaging weekly

    Microsoft revealed that Copilot 365 has more than 20 million paid seats out of its more than 450 million paid commercial Microsoft 365 seats—fewer than 4.5%. Enterprise surveys show weekly usage among licensed Copilot seats is only 20% to 30%, translating to roughly 4 million to 6 million weekly active users. Despite massive distribution across Windows 11, Edge, Word, and other Microsoft products—including a dedicated Copilot key on new laptops—the company's push to make AI a daily habit has not resonated with the vast majority of its existing customer base. Most employees who have access to paid Copilot do not use it regularly, suggesting that ubiquitous placement alone does not drive engagement.

    Microsoft raised Microsoft 365 prices in the US this month, increasing Business Basic from $6 to $7 and Business Standard from $12.50 to $14 monthly. The company also introduced new paid subscriptions for Microsoft 365 Business Standard and Premium with Copilot at $23.50 and $32 per user each month, even as adoption struggles. Microsoft has begun offering users the option to hide the Copilot button and allowing some organizations to uninstall the Windows app.

What to Watch

As AI coding assistants become more embedded in development workflows, watch for security vulnerabilities that exploit AI hallucinations and developer trust at the earliest coding stages—threats that traditional code review may miss. Additionally, monitor how pricing pressures and adoption challenges shape the competitive landscape, as major players like Microsoft adjust subscription models and give users more control over AI features, signaling both the value and friction points in integrating AI into enterprise development tools.

Sources

Share this with a friend

Send today's roundup to anyone who wants to keep up.

Get daily AI news free with AIToday

200+ AI sources, summarized in 1 minute. Email / LINE / Slack.

Sign up free