Security

Huntress — Fake OpenClaw installers spread GhostSocks — 2026-03-07
Noma Security — ContextCrush in Context7 MCP server — 2026-03-07
AI Agent Security Threat Model 2026 — 2026-03-06
Check Point Research — Claude Code project-file RCE & key exfil — 2026-03-06
Securing MCP and Agent Tool Supply Chains — 2026-03-06
Microsoft Security Blog — malicious AI assistant extensions harvest LLM chat histories — 2026-03-06
Prompt Injection Defense Playbook (2026) — 2026-03-06
Cisco Talos — 2025 CVE retrospective (AI-related CVEs double) — 2026-03-06
VulnerableMCP — MCP security database for real-world tool flaws — 2026-03-06
Unit 42 — Web-based indirect prompt injection observed in the wild — 2026-03-05
Techzine — DeepKeep AI Agent Scanner — 2026-03-04
BlacksmithAI — Multi-agent penetration testing framework — 2026-03-03
Oasis Security — ClawJacked OpenClaw WebSocket takeover — 2026-03-03
MIT AI Agent Index — transparency gaps in agent safety reporting — 2026-03-01
Orca Security — RoguePilot GitHub Copilot prompt injection — 2026-03-01
SD Times — MCP privacy and security gaps — 2026-02-28
IBM — X-Force Threat Intelligence Index 2026 — 2026-02-27
Provos.org — IronCurtain agent sandbox architecture — 2026-02-27
Check Point Research — Claude Code hooks/MCP RCE — 2026-02-26
CrowdStrike — 2026 Global Threat Report: AI-accelerated adversaries — 2026-02-26
Trail of Bits — Comet prompt-injection audit — 2026-02-26
Pillar Security — Operation Bizarre Bazaar LLMjacking campaign — 2026-02-25
Socket — SANDWORM_MODE npm worm targets AI coding tools — 2026-02-25
Veza — Access Agents for AI identity governance — 2026-02-25
GitHub Advisory — Cline unauthorized npm publish added postinstall — 2026-02-24
Kai Security AI — Honeypot MCP server logs AI agent probing — 2026-02-23
Phoenix Security — SANDWORM_MODE npm worm poisons AI toolchains — 2026-02-23
Unit 42 — 2026 IR report on AI-accelerated attacks — 2026-02-23
Cisco — State of AI Security 2026 report — 2026-02-22
Microsoft — Copilot summarized confidential emails despite DLP labels — 2026-02-21
Microsoft Security Blog — Running OpenClaw safely — 2026-02-21
NIST — AI Agent Standards Initiative — 2026-02-21
OpenAI — ChatGPT Lockdown Mode — 2026-02-21
Check Point — AI assistants as C2 proxies — 2026-02-20
mbgsec — Cline issue-triage prompt injection led to npm supply-chain publication — 2026-02-20
Google GTIG — AI Threat Tracker: distillation & integration — 2026-02-20
Praetorian — MCP server attack surface research — 2026-02-20
Cerbos — MCP Authorization for AI Agents — 2026-02-19
PromptArmor — Link preview data exfiltration in agent chats — 2026-02-19
Snyk — AI Agent Guardrails — 2026-02-19
Straiker STAR Labs — SmartLoader poisons an Oura MCP server — 2026-02-19
University of Toronto — MCP security risk guidance — 2026-02-19
Microsoft Security Blog — Copilot Studio agent misconfigurations — 2026-02-18
OWASP — Secure MCP Server Development Guide — 2026-02-18
Cyata — Anthropic MCP Git server prompt-injection CVEs — 2026-02-17
LayerX — Claude Desktop Extensions zero-click RCE via calendar event — 2026-02-17
AgentAudit — MCP server security findings across 194 packages — 2026-02-16
Microsoft Security Blog — AI recommendation poisoning — 2026-02-13
Praetorian — Augustus open-source LLM prompt-injection scanner — 2026-02-11
Ars Technica — Moltbook prompt worms and viral prompt injection — 2026-02-10
Endor Labs — MCP needs AppSec as classic vulns hit agent tooling — 2026-02-10
Levo — Launch Week 2026 adds AI firewall + MCP security testing — 2026-02-10
Trend Micro — OpenClaw’s Agentic Assistant Risk Map — 2026-02-10
Operant AI — Agent Protector for runtime agent security — 2026-02-09
Radware — Agentic AI Protection Solution launch — 2026-02-09
AuthMind — OpenClaw’s 230 malicious skills expose agentic supply-chain risk — 2026-02-07
Infosecurity Magazine — ZombieAgent zero-click prompt injection in ChatGPT connectors — 2026-02-07
Darktrace — 2026 State of AI Cybersecurity Report: 76% of Security Pros Worried About AI Agent Risk — 2026-02-06
Noma Security — DockerDash: Prompt Injection in Docker Ask Gordon AI Enables RCE via Image Metadata — 2026-02-06
ThreatDown — 2026 State of Malware: AI Drives Machine-Scale Cyberattacks — 2026-02-05
Vectra AI — From Clawdbot to OpenClaw: Automation as a Backdoor — 2026-02-04
NVIDIA AI Red Team — Mandatory sandbox controls for agentic coding workflows — 2026-02-03
Clutch Security — 95% of enterprise MCP servers run on endpoints with zero security visibility — 2026-02-02
GitGuardian / NHIcon 2026 — Agentic AI forces a paradigm shift in non-human identity security — 2026-02-02
InstaTunnel — Agent hijacking and intent breaking: the goal-oriented attack surface — 2026-02-02
Keyfactor — Two-thirds of enterprises say AI agents are a bigger security risk than humans — 2026-02-02
Christian Schneider — From LLM to agentic AI: how agents amplify prompt injection into kill chains — 2026-02-02
Check Point / Lakera — 40% of 10,000 MCP servers found to have security weaknesses — 2026-02-01
Dev.to — Implementing Sudo for AI Agents — 2026-02-01
The Register — Ungoverned AI agent identities are the new shadow IT — 2026-02-01
Reuters — Open-Source AI Models Vulnerable to Criminal Misuse — 2026-02-01
Trend Micro — ÆSIR: AI Agents Finding Zero-Days in AI Infrastructure — 2026-02-01
arXiv — EchoLeak: zero-click prompt injection in Microsoft 365 Copilot — 2026-01-31
Cisco — Personal AI agents like OpenClaw are a security nightmare — 2026-01-31
CrowdStrike — Agentic tool chain attacks (tool poisoning, shadowing, rugpull) — 2026-01-31
DataDome — MCP prompt injection & tool poisoning defenses — 2026-01-31
LangChain — January 2026 newsletter (agent robustness + observability/evals) — 2026-01-31
GitHub Advisory — node-tar hardlink path traversal (CVE-2026-24842) — 2026-01-31
Pen Test Partners — Eurostar chatbot guardrail bypass + ID tampering — 2026-01-31
Snyk — Clawdbot/Moltbot prompt injection: ‘one email away from disaster’ — 2026-01-31
Wiz — ZeroDay.cloud: cloud + AI infra zero-days — 2026-01-31
AWS/Wiz — CodeBreach: unanchored ACTOR_ID filters in CodeBuild webhooks — 2026-01-30
Bitdefender — Hugging Face abused to distribute polymorphic Android RAT payloads — 2026-01-30
Bizarre Bazaar: attackers monetizing exposed LLM & MCP endpoints (LLMjacking) — 2026-01-30
Operation ‘Bizarre Bazaar’: LLMjacking campaign targets exposed LLM/MCP endpoints (Pillar Security) — 2026-01-30
CISA/NCSC-UK/FBI — Secure connectivity principles for OT networks — 2026-01-30
Cisco Security Blog — Foundation AI’s push for agentic security systems — 2026-01-30
curl — Ending its bug bounty after an AI slop flood — 2026-01-30
Google Developers Blog — Gemini CLI hooks for policy & automation — 2026-01-30
Google: Gemini 3 in Chrome adds an agentic ‘auto browse’ workflow — 2026-01-30
GreyNoise — Threat actors actively targeting exposed LLM endpoints — 2026-01-30
Bitdefender — Android dropper used Hugging Face datasets to deliver RAT payloads — 2026-01-30
Kaspersky — OWASP Agentic Top 10 (2026): practical risks + controls for AI agents — 2026-01-30
Model Context Protocol — MCP Apps: UI components inside agent chats — 2026-01-30
Microsoft: runtime inspection to block risky AI agent tool calls — 2026-01-30
Microsoft — turning threat reports into detection insights with AI — 2026-01-30
n8n: sandbox escape bugs lead to full RCE in self-hosted instances — 2026-01-30
NIST/CAISI — RFI on security practices for AI agents — 2026-01-30
OpenAI — Hardening ChatGPT Atlas against prompt injection — 2026-01-30
Varonis — Reprompt: single-click Copilot prompt injection chain for silent data exfiltration — 2026-01-30
Varonis — Reprompt one-click Copilot session hijack (patched) — 2026-01-30
AI Email Triage Workflow (labels, summaries, suggested replies) — 2026-01-29
AI security news digest: what to watch this week — 2026-01-29
CISA/NSA/FBI — Deploying AI systems securely (joint guidance) — 2025-06-03
Google — SAIF (Secure AI Framework): a practitioner’s map — 2025-05-12
OWASP — Top 10 for LLM Apps: what to fix first — 2025-04-18
NIST — AI Risk Management Framework (RMF) for security teams — 2025-03-10