All Posts
-
What is Claude Mythos? Experts explain the impact on the cybersecurity industry
Claude Mythos points to a future where exploit discovery gets cheaper and faster. The real test is turning those findings into prioritized, verified risk reduction.
-
What is agentic governance – and why it matters now
Autonomous agents operate inside the trust boundary with real credentials and real authority. Agentic governance is how security teams track, restrict, and audit what those agents are allowed to do before a bad instruction becomes a business incident.
-
The MCP server nobody authenticated
nginx-ui shipped an MCP endpoint with no authentication, exposing destructive server-management tools to the internet. The bug is a warning about how fast teams are bolting AI protocols onto production systems without basic web security.
-
A Roblox cheat burned Vercel
A Context.ai employee downloaded a Roblox cheat and it ended with Vercel customer data for sale on BreachForums. The connector was a single OAuth grant.
-
The Attack is Coming from Inside the API: Surviving the Rogue Agent Era
99% of AI-era attacks come from authenticated sources. The agent already has the credential. This is what that breaks, and why every security vendor is racing to name the category first.
-
The governance gap nobody is closing: why AI policy is stuck on models while agents run unsupervised
MIT and Georgetown classified 1,000+ AI governance documents and found almost nothing on agentic risks. The policy world is regulating 2024 problems in 2026.
-
Twenty Hours
Langflow got popped again. CVE-2026-33017 was weaponized in twenty hours, attackers harvested AI credentials, and it is the third critical RCE in twelve months. The agentic AI ecosystem has a structural security problem.
-
400 Million Downloads a Month and Nobody Was Watching: The Axios npm Compromise
Hackers hijacked the lead maintainer account of Axios, the most popular JavaScript HTTP client, and pushed malicious versions that deployed cross-platform RATs. The attack was live for three hours.
-
NemoClaw Gets Agent Security Right. The Hard Part Is What Comes Next.
NVIDIA shipped OpenShell to sandbox AI agents. Its L7 policy engine and kernel-level isolation set a new bar. But the semantic trust layer, understanding what agents are actually saying to each other, remains an open problem.
-
Your AI Stack Just Handed Over Your Root Keys: Inside the litellm PyPI Breach
The popular litellm Python package was compromised on PyPI. Versions 1.82.7 and 1.82.8 contain malicious code that steals cloud credentials, SSH keys, and Kubernetes secrets.
-
The Road to Agentic AI: Navigating Architecture, Threats, and Solutions
A comprehensive analysis of agentic AI system architecture across four layers — data, orchestration, agent, and system — with threat modeling and security recommendations for each.
-
CISOs in a Pinch: A Security Analysis of OpenClaw
The viral rise of OpenClaw marks the end of the chatbot era and the beginning of the sovereign agent era. What does this mean for enterprise security?
-
The $0 AI Pipeline That Outperforms Your $360K Cloud Stack
A patent lawyer with no ML background classified 3.5 million US patents using a single RTX 5090. The enterprise AI cost model is breaking apart — and so is the security model that came with it.
-
A New Current in AI: The 100-Billion-Parameter Giant Model Is Becoming a "Shackle"
Challenging the AI conventional wisdom that "bigger is better." A look at a future where swarms of small, purpose-built models outperform giant ones.
-
The Week Model-Level Safety Died. I Wrote the Eulogy Six Months Ago.
OpenAI erased "safely" from its mission. Microsoft proved one prompt can strip alignment from 15 models. Anthropic dropped its safety pledge. Three events, one conclusion: model-level safety is dead as a standalone strategy.
-
Claude Code Security Set the Cybersecurity Stocks on Fire - Here's the Signal in the Smoke
Anthropic's Claude Code Security is a real leap for pre-deployment scanning — but the market sell-off is a category error. Code scanning doesn't replace runtime protection, and the real threat is the AI agents themselves.
-
Spreading AI and Invisible Risks: What OpenClaw Shows About the Current State of Agentic Assistants
We review how OpenClaw's capabilities have evolved compared with conventional tools, and clarify the security risks inherent in the agentic AI framework itself.
-
Viral AI, Invisible Risks: What OpenClaw Reveals About Agentic Assistants
OpenClaw represents a new frontier in agentic AI — powerful, autonomous, and easy to use. We examine its capabilities and the security implications for organizations.
-
The Agentic AI Hangover: The Unsolved Problem of Agentic Security
Part 3 of a three-part series. Authentication is getting easier, but authorization — deciding what an AI agent is actually allowed to do — remains the hardest unsolved problem in security.
-
The Agentic AI Hangover: Why Traditional Security Models Break
Part 2 of a three-part series. The confused deputy returns at scale — how probabilistic AI plans trigger deterministic API calls, and why your RBAC, tokens, and audit logs were never built for this.
-
The Agentic AI Hangover: The Shift is Real and Irreversible
Part 1 of a three-part series. The agentic AI market hit $8 billion in 2025 with 79% of enterprises deploying agents. The security challenge: preventing irreversible actions based on misunderstood intent.
-
Your 100 Billion Parameter Behemoth is a Liability
The 'bigger is better' era of AI is hitting a wall. A 7-million parameter model beats frontier LLMs at logic. The future isn't a single omniscient model — it's billions of tiny, specialized ones.
-
The Domino Effect of AI Breaches: An Attack on an AI Chat App Ripples Across the Whole Industry
An attack targeting Salesloft's AI chat feature "Drift" affected more than 700 companies. We analyze the supply-chain risks that come with AI adoption.
-
How Are Large Language Models (LLMs) Compromised, and What Are the Countermeasures?
An explanation of attack techniques targeting LLMs, such as embedding malicious instructions in model files, malicious LoRAs, and data poisoning, together with the countermeasures against them.
-
Securing LLM Applications Against OWASP Top 10 Risks
A deep dive into the OWASP Top 10 for LLM applications and how enterprise security platforms are evolving to address generative AI threats.
-
IAM in Danger: Why Red Hat's 'Important' Rating for CVE-2025-10725 is Dangerously Wrong
A simple RBAC misconfiguration in Red Hat OpenShift AI lets any authenticated user become a full cluster administrator. Red Hat calls it Important. With a CVSS of 9.9, the rest of the world calls it Critical.
-
AI-Generated SVGs: The Phishing Attack Designed to Bore Your Defenses to Death
Attackers are using LLMs to write obfuscated phishing code hidden inside SVG files, disguised as boring business reports to evade security filters.
-
From AI-Assisted to AI-Autonomous Threats: Are You Ready?
The building blocks for fully autonomous cyber threats already exist. From weaponized AI assistants to self-propagating worms, the transition from proof-of-concept to real-world attacks is accelerating.
-
He Who Controls the Tokens Controls the Supply Chain: The New Face of Automated Attacks
From the s1ngularity attack that weaponized AI assistants to the Shai-Hulud worm that automates the entire attack lifecycle — the open-source supply chain is under siege.
-
Securing Agentic AI - A Unique Challenge
A deep dive into the security threats unique to agentic AI architectures — from reasoning manipulation and memory poisoning to multi-agent collusion and human oversight failures.
-
Getting Ahead of AI Risks: Protecting LLM Applications with Trend Vision One
An explanation of the defenses Trend Vision One provides against the OWASP Top 10 security risks for LLMs.
-
So... What IS an AI Agent?
Cutting through the marketing noise to find a real definition of AI agents by examining how OpenAI, Google, Anthropic, and AWS define them — and what they all have in common.