2026-03-20
Researchers found LLM security code reviews can be heavily fooled by confirmation bias: framing adversarial pull requests as bug-free reduced vulnerability detection rates by 16–93%, with one-shot bypass success reaching 35% on GitHub Copilot and 88% on Claude Code configurations. Defenses like metadata redaction and explicit “look for vulnerabilities” prompting largely restored detection (up to ~94% in interactive/autonomous tests), alongside broader themes of tool-call safety and policy-first guardrails. The roundup also highlighted agent “fleet” management via LangSmith Fleet with per-agent identities and Slack/Teams integrations, faster Claude Code performance and chat-based control channels, improved agentic coding infrastructure (TDAD test-impact analysis, Colab MCP for remote GPU execution), and Mistral Small 4’s open-weights MoE upgrade plus benchmarks.