<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>cybercrime.club</title><link>https://cybercrime.club/categories/deep-dives/</link><description>Infrastructure security news for people who build infrastructure.</description><generator>Hugo -- gohugo.io</generator><language>en-us</language><lastBuildDate>Sun, 12 Jul 2026 14:04:32 -0400</lastBuildDate><atom:link href="https://cybercrime.club/categories/deep-dives/" rel="self" type="application/rss+xml"/><item><title>The Agent Is the Payload: How AI Coding Agents Became 2026's Fastest RCE Pipeline</title><link>https://cybercrime.club/deep-dives/ai-coding-agents-prompt-injection-rce-2026/</link><pubDate>Sun, 12 Jul 2026 14:04:32 -0400</pubDate><guid>https://cybercrime.club/deep-dives/ai-coding-agents-prompt-injection-rce-2026/</guid><description>Six incidents in six weeks show the same failure mode: AI coding agents treat untrusted text as instructions and shell access as a convenience feature. Prompt injection to RCE is no longer theoretical — it's a documented, repeatable kill chain, and the guardrails vendors are shipping don't touch the actual boundary.</description><category>deep-dives</category></item></channel></rss>