InfoWorld

A new security bypass has users installing AI agent OpenClaw — whether they intended to or not. Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user’…

The Electronic Frontier Foundation (EFF) Thursday changed its policies regarding AI-generated code to “explicitly require that contributors understand the code they submit to us and that comments and documentation be authored by a human.” The EFF policy statement was vague about how it would determine compliance, but analysts and others watching the space speculate that spot checks are the most l…

In a bid to ease the adoption of its Kotlin programming language by Java developers, JetBrains has introduced a Java to Kotlin converter extension for Microsoft’s Visual Studio Code editor . Long established as an alternative to Java , Kotlin is widely used in Java spaces such as Android mobile application development. Introduced February 19 , the Java to Kotlin converter extension is downloadabl…

AI agents need skills — specific procedural knowledge — to perform tasks well, but they can’t teach themselves, a new research suggests. The authors of the research have developed a new benchmark, SkillsBench , which evaluates agentic AI performance on 84 tasks across 11 domains including healthcare, manufacturing, cybersecurity and software engineering. The researchers looked at each task under …

AWS is recognizing that most developers don’t work the way Kiro, its Visual Studio Code–based agentic IDE, forces them too — so it’s adding two new software development workflows to Kiro that meet developers where they are: working on existing projects, fixing bugs. Kiro started out with a vision of helping developers through a process of spec-driven development (SDD): they would specify up-front…

It begins quietly, as many stories do, in a small rural town where the horizon seems impossibly broad. The town planning commission gathers in a modest room, the air thick with the scent of burnt coffee and aged carpet, to hear that their town will soon win the modern economy: 10 new data centers within the town’s boundaries. Not just one or two, but 10. The PowerPoint presentations shine with pr…

Python faces new challenges from old rivals, but is it a blip or something more? In other news, we have goodies like easy-install instances of PostgreSQL, a peek at the state of the art in visual development for generative AI projects in Python, and sneaky tricks to share Python tooling across local projects. Top picks for Python readers on InfoWorld Python is slipping in popularity—Tiobe Python’…

Google has released a preview of Gemini 3.1 Pro, described as a smarter model for the most complex problem-solving tasks and a step forward in core reasoning. Announced February 19 , Gemini 3.1 Pro is designed for tasks where a simple answer is not enough, taking advanced reasoning and making it useful for the hardest challenges, according to the Google Gemini team. The improved intelligence can …

For engineers building high-concurrency applications in e-commerce, fintech or media, the “200ms limit” is a hard ceiling. It is the psychological threshold where interaction feels instantaneous. If a personalized homepage, search result or “Up Next” queue takes longer than 200 milliseconds to load, user abandonment spikes. There is a famous study from Amazon showing that every 100ms of latency c…

Pressure is building on Oracle to loosen its grip on MySQL, with a group of database veterans, developers, and long-time contributors urging the company to transition the open source database to an independent foundation model. The call, articulated in an open letter , reflects mounting concern about MySQL’s development velocity , roadmap transparency, and role in an increasingly AI-driven data e…

Nearly a year ago, I wrote an article titled “ How to pick the right SAST tool .” It was a look at the pros and cons of two different generations of static application security testing (SAST): Traditional SAST (first generation): Deep scans for the best coverage, but creates massive friction due to long run times. Rules-based SAST (second generation): Prioritized developer experience via faster, …

Is your generative AI application giving the responses you expect? Are there less expensive large language models —or even free ones you can run locally —that might work well enough for some of your tasks? Answering questions like these isn’t always easy. Model capabilities seem to change every month. And, unlike conventional computer code, LLMs don’t always give the same answer twice. Running an…

The WinterCG community group was recently promoted to a technical committee, signaling a growing maturity for the standard that aims to solidify JavaScript runtimes. Now is good time to catch up with this key feature of modern JavaScript and the web development landscape. The WinterTC manifesto To understand what WinterTC is about, we can begin with the committee’s own manifesto: The ultimate goa…

Coders are understandably complaining about AI coding problems, with the technology often delivering what’s become known as “AI slop,” but their concerns are signaling a more strategic issue about how enterprises calculate coding ROI. The issues, according to IT analysts and consultants, go far beyond vastly faster production of code accompanied by the kinds of errors generated by AI agents that …

The Eclipse Foundation has released the final version of GlassFish 8, an update of its enterprise Java application server. The new release serves as a compatible implementation of the Jakarta EE 11 Java platform and accommodates Jakarta Data repositories for simplifying data access, according to GlassFish development participant OmniFish. Virtual threads support for scalable concurrency also is f…