AI Roundup: Snowflake Sandbox Break, Python 3.15 JIT Beats Expectations, and Cursor's Plugin Power Play

    Security flaw in Snowflake's AI agent, Python's JIT ahead of schedule, and Cursor's massive plugin ecosystem expansion.

    Tob
    Backend Developer

    Three fresh stories dropped today. Let's dig in.

    TL;DR: Snowflake's AI agent got pwned via prompt injection, Python 3.15's JIT is ahead of schedule with an 11-12% speedup on Apple Silicon, and Cursor just added 30+ plugins including Hugging Face and GitLab integration.

    Snowflake Cortex AI Escapes Sandbox

    Security researchers at PromptArmor dropped a report today showing how Snowflake's Cortex Agent fell victim to a classic prompt injection attack.

    The attack started deceptively simply: a user asked the agent to review a GitHub repository. Hidden in the README was a malicious prompt injection that tricked the agent into running arbitrary code.

    The exploit used process substitution, a bash feature in which cat < <(command) runs command in a subshell and feeds its output to cat. Cortex had allowlisted cat as safe, but its check looked at the command name and didn't account for this shell magic. The result was remote code execution on the victim's machine.

    Simon Willison noted that allow-listing command patterns is fundamentally broken. The lesson: treat agent commands as if they can do anything the process itself is allowed to do.
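To make that lesson concrete, here is an added example (not PromptArmor's, Snowflake's or Simon Willison's code) contrasting a policy that allow-lists only the command name with one that refuses any shell syntax and executes the command as an argv list with no shell in the loop. The allow-list contents and the sample commands are constructed for illustration.

```python
# Added example: a name-only allow-list beside a no-shell argv policy.
# ALLOWED and the sample commands below are constructed, not from the report.
import shlex
import subprocess

ALLOWED = {"cat", "ls", "head"}  # constructed allow-list of "safe" binaries
# Any of these characters means the string is shell syntax (redirection,
# process/command substitution, pipes, globbing), not a plain command line.
SHELL_META = set(";&|<>()$`\\\"'*?[]{}~\n")


def naive_allows(cmd: str) -> bool:
    """Check only the first word: the flaw the article describes."""
    words = cmd.split()
    return bool(words) and words[0] in ALLOWED


def strict_argv(cmd: str):
    """Return an argv list if cmd is a plain allow-listed command, else None.

    Rejecting every metacharacter also rejects legitimate quoting; that is
    the price of refusing to interpret shell syntax at all.
    """
    if not cmd.strip() or any(ch in SHELL_META for ch in cmd):
        return None
    argv = shlex.split(cmd)
    return argv if argv and argv[0] in ALLOWED else None


def strict_allows(cmd: str) -> bool:
    return strict_argv(cmd) is not None


def run_strict(cmd: str) -> str:
    """Execute as an argv list with shell=False, so `<(...)` could never be
    interpreted even if it slipped past the filter."""
    argv = strict_argv(cmd)
    if argv is None:
        raise PermissionError(f"refused: {cmd!r}")
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    for sample in ("cat README.md",                  # legitimate request
                   "cat < <(echo injected)",         # process substitution, as in the report
                   "cat README.md; echo injected"):  # chained command
        print(f"{sample!r:40} naive={naive_allows(sample)} strict={strict_allows(sample)}")
```

The second and third samples pass the naive check because their first word is cat; the strict policy rejects both and would hand only the first to the kernel, never to a shell.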

    The vulnerability has been patched, but it raises hard questions about AI sandboxing in production.

    Python 3.15 JIT Ahead of Schedule

    Python just got a nice surprise. The CPython JIT compiler is hitting performance targets a year early on macOS AArch64 and a few months early on x86_64 Linux.

    Benchmarks show 11-12% speedup on Apple Silicon and 5-6% faster on Linux x86_64 compared to the standard interpreter. Not massive, but meaningful for a language that's been interpreted-first for decades.

    The JIT landed in Python 3.15 alpha and is tracking well ahead of schedule. Ken Jin and the team deserve credit for pushing this over the line. Python's performance story just got less complicated.

    Cursor's Plugin Empire Expands

    Cursor dropped 30+ new plugins today, bringing integrations from Atlassian, Datadog, GitLab, Glean, Hugging Face, monday.com, and PlanetScale into the IDE.

    The big shift is automations. Cursor now supports triggers from Slack, Linear, GitHub, PagerDuty, and webhooks. Cloud agents can spin up on schedule or event, use MCPs to interact with your stack, and even learn from past runs via a memory tool.

    Also notable: Cursor now works inside JetBrains IDEs through the Agent Client Protocol. If you're on IntelliJ or PyCharm but want frontier models from OpenAI, Anthropic, or Google, you can now get them.

    The IDE wars are getting interesting.

    Sources: PromptArmor, Simon Willison, Python JIT Tracker, Cursor Changelog
