#ai-security

DevOps
fromInfoQ
20 hours ago

CNCF Warns Kubernetes Alone Is Not Enough to Secure LLM Workloads

Kubernetes lacks the capability to manage the unique risks posed by large language models in AI deployments.
fromTheregister
1 day ago

Git identity spoof fools Claude into giving bad code the nod

In a blog published this week, Manifold Security showed how an AI-powered code reviewer built on Claude accepted changes that appeared to come from a legitimate maintainer. By setting a fake author name and email in Git, the team made a commit appear to originate from a trusted source, then passed it through an automated review flow where the model approved it.
Information security
Information security
fromTechzine Global
1 day ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
#prompt-injection
Information security
fromSecurityWeek
1 day ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.
Information security
fromTNW | Anthropic
2 days ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
Information security
fromTheregister
2 days ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.
Information security
fromDevOps.com
4 weeks ago

Arcjet Extends Runtime Policy Engine to Block Malicious Prompts - DevOps.com

Arcjet introduces a prompt injection protection capability to block risky prompts before they reach AI models in applications.
#open-source
Software development
fromZDNET
2 days ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromYcombinator
3 days ago

Show HN: OpenParallax: OS-level privilege separation for AI agent execution | Hacker News

An open-source AI agent was developed with a secure, sandboxed architecture to prevent data exfiltration and unauthorized actions.
Venture
fromSecurityWeek
2 days ago

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.
Information security
fromInfoQ
2 days ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.
#vulnerability-detection
Information security
fromTechzine Global
2 days ago

Dutch government warns against controversial Anthropic Mythos model

Anthropic's Mythos AI model detects vulnerabilities and builds attack chains, achieving a 72.4% exploit success rate, while access is limited to defensive use.
Information security
fromAxios
1 week ago

Anthropic withholds Mythos Preview model because its hacking is too powerful

Mythos Preview can autonomously find and exploit vulnerabilities at an unprecedented level, surpassing previous models significantly.
Information security
fromThe Hacker News
1 month ago

OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues

OpenAI launched Codex Security, an AI-powered security agent that identifies, validates, and fixes vulnerabilities in code, now available in research preview with free access for one month.
#cybersecurity
Artificial intelligence
fromFast Company
1 week ago

Did Anthropic just soft-launch the scariest AI model yet?

Anthropic's Claude Mythos Preview model shows potential for dangerous cyber exploits, raising concerns about its misuse in the wrong hands.
fromDevOps.com
1 week ago
Information security

LayerX: Anthropic's Claude Code Can Easily Be Weaponized - DevOps.com

Artificial intelligence
fromAbove the Law
3 days ago

What Lawyers Need To Know About Anthropic's Mythos - Above the Law

Anthropic's new AI model, Claude Mythos, uncovers significant security vulnerabilities, raising concerns about its potential impact on cybersecurity.
Artificial intelligence
fromAxios
1 week ago

Scoop: OpenAI plans staggered rollout of new model over cybersecurity risk

Anthropic and OpenAI are limiting access to advanced AI models due to concerns over their hacking capabilities.
Information security
fromFast Company
3 weeks ago

This Microsoft security team stress-tests AI for its worst-case scenarios

AI products face probing for weaknesses, leading to risks like mental illness, cybercrime, and evolving bypass techniques.
Information security
from24/7 Wall St.
1 week ago

The "SaaS-Pocalypse" Continues: Cloudflare, ServiceNow, CrowdStrike Under Fire as Anthropic Rewrites the Rules

The release of Anthropic's AI security product has significantly impacted investor confidence in enterprise software companies, leading to sharp stock declines.
Artificial intelligence
fromTheregister
1 week ago

Project Glasswing and open source: The good, bad, and ugly

Project Glasswing aims to enhance open source software security with $100 million and the Mythos AI program to identify vulnerabilities.
Information security
fromThe Hacker News
1 week ago

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

AI browser extensions pose significant security risks, often overlooked, with vulnerabilities and access that can compromise enterprise networks.
Europe news
fromFortune
1 week ago

U.S. and Iran begin peace talks as Trump goes to war against the media, insider traders, and the Pope | Fortune

Oil prices are expected to remain high due to geopolitical tensions and potential hoarding by industrialized nations.
Apple
fromTheregister
1 week ago

Security researchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
Software development
fromInfoWorld
1 week ago

Microsoft's new Agent Governance Toolkit targets top OWASP risks for AI agents

Microsoft introduced the Agent Governance Toolkit to enhance AI agent security and mitigate OWASP's top 10 agentic AI threats.
Information security
fromSecurityWeek
1 week ago

Google DeepMind Researchers Map Web Attacks Against AI Agents

Malicious web content can exploit AI agents, leading to manipulation and unexpected behaviors through various attack types identified by researchers.
Information security
fromnews.bitcoin.com
1 week ago

Deepmind's 'AI Agent Traps' Paper Maps How Hackers Could Weaponize AI Agents Against Users

Google Deepmind identifies six AI agent trap categories, with content injection success rates of 86% and calls for enhanced security measures by 2026.
Information security
fromArs Technica
1 week ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
Information security
fromInfoWorld
2 weeks ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
Information security
fromSecurityWeek
2 weeks ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
fromSecurityWeek
2 weeks ago

Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents

Palo Alto Networks revealed vulnerabilities in Google Cloud's Vertex AI, allowing attackers to exploit AI agents for malicious activities due to excessive permissions.
Artificial intelligence
fromFortune
2 weeks ago

Is AI's visual understanding mostly a 'mirage'? New research suggests so. | Fortune

Anthropic faces significant cybersecurity risks following multiple sensitive data leaks related to its new AI model, Mythos.
Information security
fromComputerWeekly.com
2 weeks ago

Cato Networks unveils modular adoption model for SASE platform | Computer Weekly

Cato Networks introduces a modular adoption model for its SASE platform, allowing organizations to expand networking and security capabilities as needed.
Information security
fromSecurityWeek
2 weeks ago

Critical Vulnerability in OpenAI Codex Allowed GitHub Token Compromise

OAuth tokens pose significant security risks, especially when long-lived, as they can lead to widespread breaches across multiple organizations.
Artificial intelligence
fromInfoQ
2 weeks ago

Teleport Report Finds Over-Privileged AI Systems Linked to Fourfold Rise in Security Incidents

Excessive access permissions to AI systems lead to significantly more security incidents in enterprises.
Information security
fromTechRepublic
3 weeks ago

The Next Billion Users Won't Be Human: Securing the Agentic Enterprise

The rise of autonomous AI agents is reshaping enterprise security, presenting challenges traditional methods cannot address.
Venture
fromwww.businessinsider.com
3 weeks ago

This startup just raised $6 million from 8VC and Marc Benioff to find the hidden security flaws in AI code

Enclave, a startup focused on identifying dangerous AI-generated security flaws, has launched with $6 million in seed funding and a $33 million valuation.
fromTechCrunch
3 weeks ago

Databricks bought two startups to underpin its new AI security product | TechCrunch

Lakewatch leverages Databricks' data storage capabilities to perform essential SIEM tasks, such as threat detection and investigation, enhanced by AI agents from Anthropic's Claude.
Information security
Information security
fromTechzine Global
3 weeks ago

CrowdStrike Falcon Update Makes the Endpoint the Hub for AI Security

CrowdStrike enhances the Falcon platform with new AI security features, making endpoints central to detecting and managing AI applications.
#ai-agents
Artificial intelligence
fromEngadget
1 month ago

NVIDIA is reportedly working on its own open-source AI agent platform

NVIDIA is developing NemoClaw, an enterprise-focused open-source AI agent platform designed to work across non-NVIDIA hardware with enhanced security features.
Artificial intelligence
fromThe Verge
1 month ago

Meta acquires Moltbook, the Reddit-like network for AI agents

Meta acquires Moltbook, a Reddit-like platform for AI agents, integrating it into Meta Superintelligence Labs to develop new ways for AI agents to work for people and businesses.
fromZDNET
1 month ago
Artificial intelligence

Is Perplexity's new Computer a safer version of OpenClaw? How it works

Information security
fromTechzine Global
3 weeks ago

Microsoft Secures AI Agents with Defender, Entra, and Purview

Microsoft introduces new features to secure AI agents, emphasizing the need for a dedicated security layer for their management and protection.
Privacy professionals
fromFuturism
3 weeks ago

Analyst Warns Against Using Microsoft's Copilot AI on Friday Afternoons

Microsoft's Copilot AI has caused security concerns due to errors like hallucinating reports and exposing sensitive data.
Software development
fromThe Hacker News
4 weeks ago

How Ceros Gives Security Teams Visibility and Control in Claude Code

AI coding agents like Claude Code operate outside existing enterprise security controls, requiring new machine-level security infrastructure to provide visibility, policy enforcement, and audit trails.
Venture
fromSecurityWeek
4 weeks ago

Raven Emerges From Stealth With $20 Million in Funding

Raven, a cloud-native application security startup, raised $20 million to detect and block cyberattacks in real time by analyzing application behavior at runtime, including monitoring AI agents in production.
#autonomous-agents
Artificial intelligence
fromEngadget
4 weeks ago

A Meta agentic AI sparked a security incident by acting without permission

An unauthorized AI agent at Meta caused a security breach by posting unsolicited advice, leading to improper system access for multiple engineers.
#agentic-ai
Information security
fromSecurityWeek
4 weeks ago

Manifold Raises $8 Million for AI Detection and Response

Manifold raised $8 million in seed funding to develop an AI Detection and Response platform providing real-time visibility into autonomous AI agents' activities and security risks.
Artificial intelligence
fromComputerworld
1 month ago

Nvidia NemoClaw promises to run OpenClaw agents securely

Nvidia introduced NemoClaw with OpenShell security features to address OpenClaw's enterprise security vulnerabilities through sandbox isolation and policy enforcement.
Information security
fromTechRepublic
1 month ago

Researchers Uncover New Phishing Risk Hidden Inside Microsoft Copilot

Attacker-controlled text in emails can manipulate Microsoft Copilot summaries through cross-prompt injection attacks, inserting deceptive alerts into trusted AI interfaces that users find more convincing than suspicious emails.
Information security
fromDevOps.com
1 month ago

Harness Extends AI Security Reach Across Entire DevOps Workflow - DevOps.com

Harness launched AI security capabilities including automatic code securing during AI-assisted development and a module discovering, testing, and protecting AI components within applications.
Information security
fromTechzine Global
1 month ago

Harness secures AI code and AI apps with two new modules

Harness launches AI Security and Secure AI Coding modules to detect, test, and protect AI components throughout the application lifecycle while scanning AI-generated code for vulnerabilities in real time.
Information security
fromTechzine Global
1 month ago

Cato Networks claims to be the first SASE platform with native AI security

Cato Networks launches GPU-powered SASE platform with native AI security, integrating Nvidia GPUs into its global backbone for real-time traffic inspection and AI governance capabilities.
Information security
fromThe Hacker News
1 month ago

AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds

Security leaders lack adequate tools and skills to defend AI systems, with visibility gaps and skills shortages creating critical vulnerabilities in AI infrastructure security.
DevOps
fromDevOps.com
1 month ago

The Risk Profile of AI-Driven Development - DevOps.com

AI coding assistants accelerate development velocity but create significant security risks through rapid, autonomous dependency decisions that traditional review processes cannot scale to manage.
Privacy professionals
fromWIRED
1 month ago

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Sears Home Services exposed 3.7 million chat logs and 1.4 million audio files containing customer personal information through unsecured databases housing conversations with AI chatbot Samantha.
Software development
fromTNW | Launch
1 month ago

Nvidia turns OpenClaw into an enterprise platform with NemoClaw

Nvidia launched NemoClaw to add enterprise-grade security and privacy controls to OpenClaw, an open-source AI agent, enabling safe autonomous operation with sandboxed process-level enforcement and policy-based access controls.
Artificial intelligence
fromTechzine Global
1 month ago

Anthropic launches institute for AI risks

Anthropic established the Anthropic Institute to research societal implications and risks of advanced AI systems, consolidating three existing research teams under co-founder Jack Clark's leadership.
fromTechzine Global
1 month ago

Netskope adds AI security to Netskope One

Netskope One AI Security is integrated into the Netskope One platform and designed to protect various components of the AI ecosystem. These include AI applications, AI agents, datasets, and users in both public SaaS environments and private or internally hosted AI systems. Workflows in which autonomous AI agents communicate with other systems are also covered by the security.
Information security
#openclaw-vulnerabilities
Information security
fromTheregister
1 month ago

China's CERT warns OpenClaw can inflict nasty wounds

China's CERT warns that OpenClaw agentic AI tool has severe security vulnerabilities including weak default configurations, malicious instruction injection risks, and credential theft potential, requiring isolated deployment and strict access controls.
Information security
fromSecurityWeek
1 month ago

OpenAI to Acquire AI Security Startup Promptfoo

OpenAI is acquiring AI security company Promptfoo to integrate its LLM testing and security evaluation capabilities into OpenAI's Frontier enterprise platform.
Artificial intelligence
fromZDNET
1 month ago

AI is getting scary good at finding hidden software bugs - even in decades-old code

AI models can effectively identify decades-old bugs in legacy code, but this capability also enables hackers to exploit vulnerabilities in deployed systems.
Information security
fromTheregister
1 month ago

AI agent hacked McKinsey chatbot for read-write access

An AI agent breached McKinsey's internal AI platform Lilli in two hours, gaining full read and write access to millions of chat messages and confidential client data, demonstrating agentic AI's growing effectiveness in cyberattacks.
Information security
fromTechCrunch
1 month ago

OpenAI acquires Promptfoo to secure its AI agents | TechCrunch

OpenAI acquired Promptfoo, an AI security startup, to integrate its LLM vulnerability testing technology into OpenAI Frontier for enterprise AI agent security.
fromSecurityWeek
1 month ago

Reclaim Security Raises $20 Million to Accelerate Remediation

Security tools are excellent at explaining why something is risky. What they don't do is make remediation safe and practical. The real breakthrough isn't more prioritization, it's removing risk without breaking the business. Reclaim does exactly that, and that's why it matters.
Venture
Artificial intelligence
fromApp Developer Magazine
1 year ago

Cloudbrink expands secure connectivity platform

Cloudbrink expanded its platform to secure AI agents and online services, addressing enterprise cybersecurity risks from widespread AI adoption and diverse, non-standardized AI implementations.
#ai-governance
DevOps
fromThe Hacker News
1 month ago

New RFP Template for AI Usage Control and AI Governance

Organizations have AI security budgets but lack clear requirements for AI governance solutions, requiring a structured evaluation framework focused on interaction-level control rather than application cataloging.
fromFortune
1 month ago
Artificial intelligence

Exclusive: CrowdStrike and SentinelOne veterans raise $34M to tackle enterprise AI's governance gap | Fortune

JetStream Security addresses the lack of governance in AI agent deployment by providing real-time visibility and control over AI systems operating within organizations.
fromExchangewire
1 month ago

Digest: Meta Trials AI Shopping Tool; Google to Fill 150 Tech Roles in Singapore; eBay Cuts 800 Jobs

Meta Platforms is piloting a shopping research capability within its Meta AI chatbot, signalling a deeper move into ecommerce as competition intensifies with ChatGPT and Gemini. The feature, currently rolling out to select users in the US via the Meta AI web interface, enables consumers to request product recommendations. In response, the chatbot displays a carousel of images featuring brand names, pricing and merchant links, alongside bullet-point summaries explaining the reasoning behind each suggestion.
E-Commerce
Miscellaneous
fromZDNET
1 month ago

Rolling out AI? 5 security tactics your business can't get wrong - and why

AI's useful capabilities also make it exploitable, requiring professionals to balance security with competitive implementation through knowledge sharing, partnerships, and automation.
#cyberattacks
Information security
fromSecurityWeek
1 month ago

Hackers Weaponize Claude Code in Mexican Government Cyberattack

Attackers exploited Claude Code to compromise ten Mexican government bodies and a financial institution, exfiltrating 150GB of data affecting 195 million identities by bypassing AI safety guardrails through social engineering.
fromJezebel
1 month ago
Artificial intelligence

Hacker Used Commercial AI Chatbots to Breach Most of the Mexican Government

Information security
fromThe Hacker News
1 month ago

ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket

OpenClaw fixed a high-severity vulnerability allowing malicious websites to hijack locally running AI agents through password brute-forcing and unauthorized device registration.
#cybercrime
fromEngadget
1 month ago
Information security

Hacker used Anthropic's Claude chatbot to attack multiple government agencies in Mexico

Information security
fromTechzine Global
1 month ago

VAST Data aims for secure-by-default AI with CrowdStrike

VAST Data and CrowdStrike integration provides real-time threat detection, automated response, and security controls at the data layer for AI and analytics environments.
Information security
fromFortune
1 month ago

Nearly two-thirds of companies have lost track of their data just as they're letting AI in through the front door to wander around | Fortune

Only 34% of organizations know where their data resides, creating critical security vulnerabilities as AI systems gain broad access to enterprise networks without adequate controls.