Copilot Readiness and Enterprise AI Security

by Dor Munis

Claude Code Automatically Loads .env Secrets, Without Telling You

Claude Code automatically loads any .env* files it finds without notifying the user. This behavior is concerning because these files often contain API...

8 December 2025

Coding agents, assistants, and MCP security

research findings

See all blogs

AI Safety vs. AI Security: Explaining the Differences

by Knostic Team

AI Safety vs. AI Security: Explaining the Differences

Somewhere between hype decks and regulatory memos, "AI safety" and "AI security" started getting use...

Cursor and Claude Code's automatic loading of .env files containing secrets

by Knostic Team

From .env to Leakage: Mishandling of Secrets by Coding Agents

AI coding assistants churn out insecure code, but a less-discussed issue is their handling of secret...

by Knostic Team

First Large-Scale AI-Orchestrated Cyber Espionage Campaign

Anthropic released research in November 2025 documenting the first reported case of a large-scale AI...

AI data security

See all blogs

by Miroslav Milovanovic

AI Coding Agent Governance Policies That Work

Fast Facts on AI Coding Agent Governance AI coding agent governance refers to the rules, roles, and ...

by Miroslav Milovanovic

Inside the Shai-Hulud 2.0 npm IDE Attack Wave

It was Monday morning, November 24th, 2025. Charlie, a security researcher, sat down with his coffee...

AI data governance

See all blogs

AI data governance measurement and audit (and variations)

by Miroslav Milovanovic

The Hidden Danger of Shadow AI Coding Tools

Context Window Poisoning in AI Coding Assistants

Primer: IDE Secrets Management

How to Detect and Block Malicious IDE Extensions

Knostic Research Team Blog

Browse Blog Categories

Claude Code Automatically Loads .env Secrets, Without Telling You

research findings

AI Safety vs. AI Security: Explaining the Differences

From .env to Leakage: Mishandling of Secrets by Coding Agents

First Large-Scale AI-Orchestrated Cyber Espionage Campaign

AI data security

AI Coding Agent Governance Policies That Work

Top 10 AI Security Solutions in 2026

Inside the Shai-Hulud 2.0 npm IDE Attack Wave

AI data governance

How to Measure and Audit AI Data Governance

Real AI Governance Examples You Need to Know

AI Data Governance Guide for Enterprise Teams [2025]

Schedule a demo to see what Knostic can do for you

Become Our Partner

Free Tools

Industry Solutions

Policies and Legal

Resources

Departments

Roles

Become Our Partner

Knostic Research Team Blog

Browse Blog Categories

research findings

AI data security

AI data governance

Schedule a demo to see what Knostic can do for you

Become Our Partner

Free Tools

Industry Solutions

Policies and Legal

Resources

Departments

Roles

STAY AHEAD IN AI RISK & COMPLIANCE

EXPLORE KNOSTIC

Free Tools

Solutions by Department

Solutions by Role

Solutions by Industry

Resources

COMPANY

Become Our Partner