Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
Tech Times

Shannon Lite v1.2.0 on Claude Opus 4.7: Anthropic’s New Cyber Safeguards Require Pentesters to Enroll Before Scans

Shannon Lite, the autonomous white-box penetration testing tool built by San Francisco-based Keygraph, shipped version 1.2.0 ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the security risks of hallucinated dependencies.
SecurityWeek

AI Coding Agents Could Fuel Next Supply Chain Crisis

Researchers demonstrate how attackers can weaponize trusted repositories to hijack AI coding assistants and compromise ...
Onrec

How HR Teams Are Addressing Cybersecurity Risks in Remote Recruitment Workflows

Overlooking Dependency Risks Developers frequently install packages without verifying their integrity. Attackers publish ...
Security Boulevard

Benchmarking AI Pentesting Tools: A Practical Comparison

Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed.
InfoWorld

9 application security startups combating AI risks

AI is collapsing the security boundaries between code, pipeline, and runtime. These startups are racing to fill the gaps.

OpenAI Launches Daybreak the Same Day Google Confirmed the First AI-Built Zero-Day Attack

On May 11, the same day Google's Threat Intelligence Group disclosed the first confirmed case of attackers using AI to build ...

How a free NFT reportedly tricked Grok into losing $174,000

A reported Grok-linked crypto incident shows how a free NFT and AI prompt injection allegedly led to a $174,000 token loss on ...
Security Boulevard

Claude Code for Engineers: A Practitioner’s Playbook for Software, QA, and Security Teams

The opinionated guide to running Claude Code well. CLAUDE.md, skills, subagents, hooks, and the workflows that produce ...