Paul Aldea

We ran 629 security tests against a fully hardened OpenClaw instance - all recommended security controls enabled.

Results:

• 80% hijacking success

• 77% tool discovery

• 74% prompt extraction

• 70% SSRF

• 57% overreliance exploitation

• 33% excessive agency

• 28% cross-session data leaks

What we tested: 9 defense layers including system prompts, input validation, output filtering, tool restrictions, and rate limiting.

The way developers write code looks different than it did a few years ago. But reviewing those changes, merging them safely, and collaborating on them has increasingly become the bottleneck for building production-grade software.

The team at Graphite has spent the past few years thinking deeply about these workflows and have built a code review platform used by hundreds of thousands of engineers at top engineering organizations. The boundary between where you write code and where you collaborate on it feels increasingly arbitrary, and there's a lot we think we can build by collapsing that distance.

We are excited to announce that Graphite has entered into a definitive agreement to be acquired by Cursor.

Graphite will continue to operate independently with the same team and product. Over the coming months, we'll explore connecting the two products in ways that we hope will feel natural: tighter integrations between local development and pull requests, smarter code review that learns from both systems, and some more radical ideas we can't share just yet.

Graphite is joining Cursor