“The OpenCode agent server accepted unauthenticated network connections by default, allowing remote attackers to execute arbitrary code on the host.”
The current generation of coding agents are running with full filesystem access, full network access, and absolutely no security model. OpenCode shipped with the most basic configuration mistake possible and nobody caught it. The same class of bug is sitting in every other agent on the market right now. The fact that there are not hundreds of mass exploits already is mostly luck.