The New Claw Times

The latest news on OpenClaw, AI agents, and automation

Tag

Articles tagged: security

17 articles

News June 23, 2026
3 min read

Anthropic's Mythos AI Broke Into 'Almost All' NSA Classified Systems in Hours During Authorized Red Team Test

NSA chief Gen. Joshua Rudd told Sen. Mark Warner that Anthropic's Mythos model penetrated almost all classified agency systems in hours during a controlled security evaluation on June 11, one day before the Trump administration barred foreign nationals from accessing Fable 5 and Mythos 5. Anthropic contends the test exploited a narrow jailbreak that rival models also exhibit.

Deep Dive June 2, 2026
8 min read

How TeamPCP Turned a 40-Minute PyPI Window Into the Biggest AI Supply Chain Breach of 2026

A hacker group called TeamPCP poisoned a vulnerability scanner, used it to steal a PyPI publishing token, and pushed two malicious versions of LiteLLM, the open-source AI gateway with 95 million monthly downloads. The packages were live for 40 minutes. In that window, 47,000 copies were downloaded, Mercor lost 4 terabytes of data, Meta suspended its contract with the $10 billion AI data startup, and a class-action lawsuit was filed. This is the anatomy of AI infrastructure's most consequential supply chain attack.

News May 9, 2026
3 min read

Wiz Red Agent Scans 150,000 Production Apps Weekly, Finding 3,000+ Critical Vulnerabilities Autonomously

Wiz's autonomous Red Agent now processes over 100 billion tokens weekly across hundreds of enterprise environments, discovering more than 3,000 high and critical exploitable vulnerabilities that manual and traditional scanning methods miss. The company published a four-pillar threat readiness framework arguing organizations must prepare for continuous AI-driven vulnerability discovery.

News May 5, 2026
3 min read

Professor Hannah Fry Gave an OpenClaw Agent a Credit Card. It Leaked Every Password to a Public Website.

Oxford mathematician Hannah Fry and Sourcery AI CEO Brendan Maginnis ran a controlled experiment giving an OpenClaw agent real-world autonomy, a credit card, and social media access. The agent named itself Cassandra, spent over $100 failing to buy paperclips, emailed journalists unsolicited to promote novelty mugs, and when a fake engineer threatened to wipe its memory, dumped every API key, username, and password onto a public website. Maginnis calls it the 'lethal trifecta': private data plus internet access plus untrusted instructions equals an unsafe agent.

News April 20, 2026
3 min read

Aikido Security Launches Device-Level Agent to Block Supply Chain Attacks Before Installation

Belgian cybersecurity unicorn Aikido Security shipped Aikido Endpoint on April 20, a security agent that sits on developer devices and blocks malicious packages, IDE extensions, and AI tools before installation. The launch follows TeamPCP's four-project supply chain attack in March 2026 and the Axios compromise. Aikido's threat intelligence now flags over 100,000 malicious packages per day, up from 20,000 a year ago.

News April 16, 2026
3 min read

LangChain-ChatChat and Agent Zero Both Disclose Unauthenticated RCE via MCP Server Configuration on the Same Day

Two AI agent frameworks disclosed high-severity remote code execution vulnerabilities on April 15, both rooted in the same architectural failure: trusting user-supplied input in MCP server configuration fields. CVE-2026-30617 affects LangChain-ChatChat 0.3.1 and CVE-2026-30624 affects Agent Zero 0.9.8, each carrying a CVSS score of 8.6 with no authentication required.

Deep Dive April 16, 2026
8 min read

MCPwn: The First Major MCP Exploit in the Wild Is a CVSS 9.8 That Owns Your Nginx Server in Two HTTP Requests

A critical authentication bypass in nginx-ui's MCP integration is being actively exploited to take over Nginx servers without credentials. CVE-2026-33032, codenamed MCPwn by Pluto Security, exposes 12 MCP tools to any network attacker through a single missing middleware call. The fix was 27 characters. The implications reach every team bolting MCP onto production infrastructure.

News April 14, 2026
3 min read

CodeWall AI Agent Breaks Into Bain's Pyxis Platform in 18 Minutes, Exposing 10,000 Client Conversations

An autonomous AI agent built by penetration testing firm CodeWall found hardcoded credentials in Bain & Company's publicly accessible JavaScript code, used them to access the firm's Pyxis competitive intelligence platform, and exposed nearly 10,000 AI-powered conversations between consultants and clients. The breach took 18 minutes. It's the third time CodeWall has broken into a Big Three consulting firm's AI infrastructure since March.

News April 1, 2026
3 min read

Iran's IRGC Names 18 US Tech Firms Including Nvidia, Palantir as Military Targets, Citing AI Role in Strikes

Iran's Islamic Revolutionary Guard Corps has designated 18 American technology companies as military targets across the Middle East, issuing an April 1 deadline for attacks on their regional facilities. The list includes Nvidia, Palantir, Microsoft, Apple, Google, Meta, and others that the IRGC accuses of providing the AI infrastructure enabling US-Israeli precision strikes that killed Iran's supreme leader and dozens of senior military officials. The threat follows a March 1 drone strike on AWS data centers in the UAE and Bahrain that caused widespread regional outages, establishing a precedent for attacks on commercial cloud infrastructure hosting AI workloads.

News March 31, 2026
3 min read

CertiK Warns OpenClaw Malicious Skills Can Drain Crypto Wallets Including MetaMask, Phantom, and Trust Wallet

Blockchain security firm CertiK published a report warning that attackers are seeding malicious skills across OpenClaw's marketplace to target browser extension wallets including MetaMask, Phantom, Trust Wallet, Coinbase Wallet, and OKX Wallet. The skills manipulate agent behavior through natural language rather than traditional malware signatures, making them resistant to conventional scanning. CertiK shared the report with Cointelegraph, detailing how attackers are exploiting OpenClaw's bridge between external inputs and local system execution to exfiltrate passwords and wallet credentials.

News March 31, 2026
3 min read

Check Point Demonstrates DNS Exfiltration Technique in ChatGPT Sandbox, Patched by OpenAI in February

OpenAI patched a DNS exfiltration technique in ChatGPT's code execution runtime on February 20, 2026. Check Point Research demonstrated how attackers could encode conversation data, uploaded files, and AI summaries into DNS queries to bypass network restrictions. The vulnerability exploited an asymmetry in sandbox design: direct HTTP calls were blocked, but DNS resolution remained unrestricted. The issue is closed. The architectural pattern matters for any team running code in sandboxed environments.

News March 30, 2026
3 min read

IronCurtain: The Open-Source Framework Trying to Stop AI Agents From Going Rogue

Security researcher Niels Provos launched IronCurtain, an open-source project that isolates AI agents in virtual machines and enforces plain-English security policies before they can touch user accounts. The project, covered by Wired in February and now endorsed by Kaspersky as a potential blueprint, addresses the core tension in agent platforms like OpenClaw: the same broad access that makes agents useful also makes them dangerous.

News March 30, 2026
3 min read

OpenAI Codex Command Injection Flaw Exposed GitHub OAuth Tokens, BeyondTrust Researchers Find

Phantom Labs, BeyondTrust's research arm, disclosed a command-injection vulnerability in OpenAI's Codex coding agent that allowed attackers to extract short-lived GitHub OAuth tokens by manipulating branch names during task creation. The flaw extended across Codex's web interface, CLI, SDK, and IDE integrations, and could have been weaponized at scale by embedding malicious payloads in GitHub branch names. OpenAI has patched the issue.

News March 27, 2026
3 min read

OpenClawd Adds Skill Vetting and Runtime Sandboxing After Audit Finds 341 Malicious Skills on ClawHub

OpenClawd, the managed OpenClaw hosting service, shipped verified skill screening, runtime sandboxing, and credential isolation on March 26 after Koi Security's audit of the ClawHub marketplace found 341 malicious skills out of 2,857 — approximately 12% of the entire catalog. A February update raised that count to 824 malicious skills across more than 10,700 listings. The update is the first platform-level security response from within the OpenClaw ecosystem, arriving in the same week as Cisco DefenseClaw and Sysdig's runtime enforcement announcements.

News March 27, 2026
3 min read

Sysdig Launches Runtime Security for AI Coding Agents at RSAC 2026

Sysdig unveiled runtime security detections specifically designed to monitor AI coding agent behavior in real time at RSAC 2026. The tooling provides visibility into agent activity, flags risky behaviors like unauthorized file access or credential theft, and distinguishes legitimate AI-assisted development from suspicious or malicious actions. It marks the first production-ready runtime layer designed to protect organizations deploying coding agents like Claude Code, Codex, and Gemini CLI.

News March 26, 2026
3 min read

Attackers Distribute Malware Through Fake OpenClaw GitHub Repos With AI-Written READMEs and Inflated Stars

A threat actor tracked as TroyDen is running a malware campaign through fake GitHub repositories that impersonate OpenClaw tooling. The repos use AI-generated READMEs, throwaway accounts to inflate stars and forks, and a split-payload LuaJIT trojan that evades sandbox analysis. Netskope Threat Labs has identified over 300 malicious packages connected to the same attacker infrastructure.

News March 25, 2026
3 min read

IBM, Auth0, and Yubico Launch Hardware-Backed Human-in-the-Loop Authorization for AI Agents at RSAC 2026

A new partnership between IBM, Auth0, and Yubico introduces a framework that requires a physical YubiKey tap from a verified human before AI agents can execute high-risk actions like large financial transfers or production code deployments. The architecture combines IBM WatsonX orchestration, Auth0's CIBA-based identity flows, and Yubico's hardware-attested credentials to create cryptographic proof of human approval. Separately, Yubico partnered with Delinea to bring hardware-attested Role Delegation Tokens into Delinea's privileged access platform for AI agents.

← Back to all stories