Semgrep published independent security benchmarks on Z.ai’s open-weight GLM-5.2, finding it scored 39% F1 on IDOR detection, outperforming Claude Code’s 32% on the same evaluation (Semgrep). At roughly $0.17 per vulnerability found, the model offers a cost-competitive path for automated security triage, though it trails Semgrep’s own multimodal detection pipeline, which reached 53-61% F1 using a purpose-built harness around the model (Semgrep, TechMyMoney). The model carries 744 billion total parameters in a Mixture-of-Experts architecture with approximately 40 billion active per forward pass and a 1-million-token context window; weights are released under an MIT license on Hugging Face (Interconnects). On SWE-bench Pro GLM-5.2 scores 62.1 versus GPT-5.5’s 58.6, and reaches 74.4% on FrontierSWE against Claude Opus 4.8’s 75.1%, at an API price of $4.40 per million output tokens compared to Opus 4.8’s $25.00 (VentureBeat).
The Model Context Protocol project released beta SDKs in Python, TypeScript, Go, and C# for the 2026-07-28 specification release candidate, marking the largest revision to the protocol since its inception (MCP Blog, MCP Blog). The incoming spec removes stateful sessions and the Mcp-Session-Id header from the Streamable HTTP transport, replacing them with Mcp-Method and Mcp-Name routing headers that allow load balancers and gateways to route requests without inspecting bodies. List and resource endpoints gain ttlMs and cacheScope fields for deterministic caching, authorization migrates to OAuth 2.1, and a new MCP Apps extension lets servers ship interactive HTML interfaces rendered in sandboxed iframes. Security researchers warn the stateless shift introduces two new attack surfaces: client-held state objects become a target for workflow hijacking, and a “hit-and-run” task pattern can initiate costly server operations without user interaction (SecurityWeek, SC Media). The final specification publishes July 28 with a 12-month deprecation window for implementations targeting the prior version.
Semgrep disclosed a second wave of the Miasma npm supply chain campaign, now tracked as “Miasma v2” or “Phantom Gyp,” which compromised 57 npm packages across 286 malicious versions by exploiting a gap in standard package lifecycle monitoring (Semgrep). Rather than the preinstall and postinstall hooks that most CI/CD scanning tools monitor, the worm ships a malicious binding.gyp file that triggers code execution during npm install without declaring a lifecycle script, bypassing postinstall detection entirely (Snyk, StepSecurity). The @vapi-ai/server-sdk, with over 408,000 monthly downloads, was among the earliest packages hit; the payload harvests credentials across npm, GitHub, AWS, GCP, Azure, HashiCorp Vault, and Kubernetes and self-propagates by republishing packages from compromised maintainer accounts (Chainguard, Snyk). The campaign is particularly relevant to teams using AI coding agents, which often invoke npm install automatically during dependency resolution, making them a reliable trigger for the malware (ComplexDiscovery).