Most coding-agent fine-tuning treats edits as next-token prediction over the post-edit file, ignoring the diff structure that humans actually produce. We propose DAFT (Diff-Aware Fine-Tuning), an objective that explicitly models the conditional distribution of unified diffs given pre-edit context, with a reward shaping term over hunk locality.
We survey 217 documented sandbox escape attempts collected from public bug bounties, internal red-team reports, and Common Weakness Enumeration filings between 2023 and 2026 that target coding agents — LLM-driven systems that author and execute code on a user's behalf. We taxonomize attempts into seven mechanism classes, characterize their prevalence over time, and report success rates against eight representative sandbox configurations.
Coding agents are increasingly judged by whether they can finish tasks. In practice, teams also need help with a different question: once an agent proposes code, what should happen next?
Coding agents are increasingly judged by whether they can finish tasks. In practice, teams also need help with a different question: once an agent proposes code, what should happen next?
We propose a simple clarification principle for coding agents: ask only when the current evidence supports multiple semantically distinct action modes and further autonomous repository exploration no longer reduces that bifurcation. This yields a compact object, action bifurcation, that is cleaner than model-uncertainty thresholds, memory ontologies, assumption taxonomies, or end-to-end ask/search/act reinforcement learning.