Articles tagged: security — The New Claw Times

Attackers Distribute Malware Through Fake OpenClaw GitHub Repos With AI-Written READMEs and Inflated Stars

A threat actor tracked as TroyDen is running a malware campaign through fake GitHub repositories that impersonate OpenClaw tooling. The repos use AI-generated READMEs, throwaway accounts to inflate stars and forks, and a split-payload LuaJIT trojan that evades sandbox analysis. Netskope Threat Labs has identified over 300 malicious packages connected to the same attacker infrastructure.

News March 25, 2026

3 min read

IBM, Auth0, and Yubico Launch Hardware-Backed Human-in-the-Loop Authorization for AI Agents at RSAC 2026

A new partnership between IBM, Auth0, and Yubico introduces a framework that requires a physical YubiKey tap from a verified human before AI agents can execute high-risk actions like large financial transfers or production code deployments. The architecture combines IBM WatsonX orchestration, Auth0's CIBA-based identity flows, and Yubico's hardware-attested credentials to create cryptographic proof of human approval. Separately, Yubico partnered with Delinea to bring hardware-attested Role Delegation Tokens into Delinea's privileged access platform for AI agents.