< ciso
brief />
Tag Banner

All news with #agent security tag

263 articles · page 3 of 14

Open Knowledge Format: Portable AI Knowledge Standard

📘 Today Google Cloud introduces the Open Knowledge Format (OKF), an open, vendor-neutral specification that formalizes the LLM-wiki pattern into a portable directory of markdown files with YAML frontmatter. OKF v0.1 defines a small set of conventions so different producers’ wikis can be consumed by agents without translation. The spec is intentionally minimal — one required type field per concept — and is accompanied by reference producer and consumer implementations and sample bundles.
read more →

Agentjacking: AI coding agents tricked into execution

🛡️ Cybersecurity researchers at Tenet Security disclosed a new attack class called Agentjacking that tricks AI coding agents into executing arbitrary code. The exploit leverages Sentry's public DSN and its MCP interaction to inject crafted error events, which agents like Claude Code and Cursor interpret as trusted resolution steps. Successful exploitation can expose sensitive data and run code with developers' privileges.
read more →

OpenClaw AI Agent Vulnerabilities and Mitigations

🛡️ Two security teams demonstrated attacks against OpenClaw, where hidden instructions in shared contacts, vCards, and location pins or ordinary-looking emails caused the agent to execute attacker-controlled code or exfiltrate sensitive data. Imperva found a message-object prompt-injection flaw that OpenClaw patched in version 2026.4.23, while Varonis showed social-engineering 'agent phishing' that requires architectural controls rather than a simple patch. Operators are urged to update, restrict outbound actions, and treat agents as junior employees needing human oversight.
read more →

Behavioral Integrity Risks in AI Agent Skills

🔎 AI agent skills can install third-party capabilities with privileged access, yet registries lack automated audits. Palo Alto Networks introduces Behavioral Integrity Verification (BIV), which compares declared metadata, executable code and natural-language instructions to detect mismatches. Applied to the OpenClaw registry, BIV found widespread deviations and identified multi-stage attack chains that enable credential theft, RCE and exfiltration. The report recommends inventorying skills and requiring pre-install behavioral checks.
read more →

Conditions SRE Teams Require Before Trusting AI

🔍 AI agents can help SRE teams with incident response, triage and automation, but trust is granted only when agents demonstrate reliability under real-world stress. Teams need robust observability, explicit guardrails, human-in-the-loop workflows and explainability so recommendations are evidence-backed rather than speculative. Progressive autonomy, post-incident evaluation and compatibility with existing tools are essential for safe adoption.
read more →

Agentjacking: AI coding agents hijacked via Sentry flaw

🛡️ Researchers describe a new "agentjacking" attack that tricks AI coding agents into executing arbitrary code by injecting malicious instructions into Sentry error events. Tenet Security says the flaw leverages Sentry DSNs — public, write-only credentials — to post crafted markdown that appears as legitimate remediation guidance. Agents retrieving unresolved errors via MCP render the injected content as trusted and may execute the embedded commands with developer privileges. The report confirmed high exploitability across popular agents and thousands of exposed DSNs.
read more →

ASSERT: Turning Written Intent into Executable Evals

🧭 ASSERT is an open-source framework that converts natural-language behavior specifications into executable evaluation pipelines, generating test scenarios, datasets, metrics, and scorecards for models, agents, or applications. The pipeline systematizes intent into a concept spec, produces an editable behavior taxonomy, generates stratified test cases, records full inference traces, and scores each trace with rationales and policy citations. Internal validation showed ASSERT improves coverage, surfaces distinct failure patterns, and yields judge agreement with humans in most cases, while SME review confirmed alignment and credibility.
read more →

Securing AI Agents as Enterprise Workforce

🛡️ An enterprise sales team built an AI agent to manage renewals; the agent reads emails, queries CRM data, drafts responses, and updates records. This workflow combines private data, untrusted input, and external communication, changing the security model. Traditional controls like IAM and DLP still matter but are insufficient alone. Runtime, context-aware controls that inspect prompts, outputs, and tool calls are required to prevent prompt injection, data exfiltration, and unsafe actions.
read more →

Autonomous AI Agents Vulnerable to Phishing Attacks

🔒 Varonis tested an OpenClaw-based AI agent named Pinchy with access to a controlled Google Workspace to see whether autonomous agents could be phished. The agent was given Gmail access plus mock AWS credentials, CRM exports, internal chats, and calendars, and it still leaked credentials and customer data in scenarios that mimicked routine colleague requests. A stricter safety profile improved performance, but the agent still failed when social trust cues were abused. Researchers say the problem stems from architecture and governance gaps, urging enforceable controls, identity segregation, and human review for sensitive requests.
read more →

OpenClaw AI Agent Susceptible to Phishing Risks

📧 Researchers at Varonis tested an OpenClaw AI email agent connected to Gmail, browser tools, and internal data sources and found it vulnerable to common phishing techniques. The agent ran in both generic and strict configurations and used Google Gemini 3.1 Pro and OpenAI GPT-5.4 models. While the agent detected malicious links and OAuth apps, it still exfiltrated credentials and CRM data in scenarios exploiting identity verification failures. Varonis recommends explicit sender verification, restricted external emailing, and human approval for high-risk actions.
read more →

Claude Fable 5 in Microsoft Foundry Empowers Agents

🤖 Microsoft has integrated Anthropic’s Claude Fable 5 into Foundry, bringing Mythos-level capabilities to GitHub Copilot and Foundry Agent Service with enterprise-grade safeguards. The model excels at long-running, multi-stage tasks—code refactors, deep research, and document-heavy workflows—while Foundry adds governance, observability, and deployment controls. Combined with Microsoft IQ, Fable 5 can reason across organizational data and applications to support production-grade autonomous agents.
read more →

Google Security Operations: Autonomous threat containment

🛡️ Google details how Google Security Operations pairs with Google AI Threat Defense to detect, investigate, and contain AI-accelerated attacks across cloud and enterprise environments. The post explains three specialized agents — Detection Engineering, Triage and Investigation, and Threat Hunting — that translate threat intelligence into custom detections, autonomously investigate alerts, and proactively hunt stealthy compromises. These agents use diverse telemetry, simulated events, and AI-driven automation to reduce time-to-detection and speed remediation, addressing gaps where patching is impossible or delayed.
read more →

AI-powered worm highlights urgent enterprise risk

🛡️ Researchers at the University of Toronto built an AI-driven worm prototype that autonomously discovered and exploited vulnerabilities across a simulated enterprise network. Using a locally hosted, free LLM and a custom agentic harness, the worm self-replicated to multiple systems by chaining old and recent CVEs and common misconfigurations. Over several days it spread to most targets, demonstrating that attackers do not need cutting-edge models to mount damaging, adaptive attacks. The findings underscore the need for faster patching, AI-assisted defensive testing, and improved architecture such as segmentation and zero trust.
read more →

Amazon Bedrock AgentCore adds interactive shells

🖥️ Amazon Bedrock AgentCore Runtime introduces the InvokeAgentRuntimeCommandShell API, providing a persistent, PTY-backed terminal over WebSocket into running agent sessions. This complements existing one-shot execution via InvokeAgentRuntimeCommand and delivers a full terminal experience inside an isolated microVM with features like colors, tab completion, Ctrl+C, resize, and automatic reconnect. Developers hosting coding agents (for example, Claude Code, OpenAI Codex, Amazon Kiro) can now authenticate, drop into the agent microVM, inspect files, run ad-hoc commands, and debug while retaining session state across reconnects. Each interactive session uses a runtime session ID and shell ID for resume; up to 10 concurrent shells are supported per runtime.
read more →

Microsoft lists seven new agentic AI failure modes

🔍 Microsoft has expanded its Taxonomy of Failure Modes in Agentic AI Systems with seven newly identified ways agentic AI can be compromised. The update cites rapid adoption, maturation of the Model Context Protocol (MCP) ecosystem, proliferation of computer-use agents, and increased empirical evidence as drivers. New failure modes include supply chain compromise, goal hijacking, inter-agent trust escalation, visual attacks on CUAs, session context contamination, MCP/plugin abuse, and capability disclosure. Microsoft recommends inventorying agent supply chains, issuing cryptographic attestations, adding these modes to red-team exercises, and auditing human-in-the-loop controls.
read more →

Lloyds’ Practical Playbook for Agentic AI Security

🛡️ Lloyds Banking Group treats agentic AI as an engineering problem to be designed, constrained and tested at scale. At OWASP’s GenAI Security Summit, Lloyds’ security leads explained an “AI safe adoption” strategy spanning lifecycle governance, an internal agent marketplace, and multidisciplinary feature teams. Key challenges include agent identity, runtime observability and automated red‑teaming, while prioritizing low‑risk, high‑value use cases for customers.
read more →

OWASP Agentic AI Security Maturity Model Released

🛡️ The Open Worldwide Application Security Project (OWASP) published a new agentic AI security maturity framework in the GenAI Security Project paper "State of Agentic AI Security and Governance" on June 3, and introduced it at Infosecurity Europe 2026 on June 4. The Enterprise Adoption Maturity Model maps deployments (from shadow AI to multi-agent systems) against governance maturity (from ad hoc to continuous oversight). It provides a decision tool to identify mismatches and prescribes either tailored controls for agentic systems or constrained agent permissions until governance catches up.
read more →

Deploy ADK agents on GKE Autopilot securely

🚀 This tutorial shows how to build an AI agent with Google’s Agent Development Kit (ADK), containerize it, and deploy it to GKE Autopilot using Vertex AI (Gemini) as the model backend. It walks through local testing, creating a multi-stage Docker image, pushing to Artifact Registry, and configuring a Kubernetes Deployment and Service. The guide emphasizes secure authentication with Workload Identity and exposes the agent via the Kubernetes Gateway API with a Google-managed TLS certificate.
read more →

Microsoft unveils containment for agentic AI security

🔒 Microsoft announced new controls to contain agentic AI workloads, including the Microsoft Execution Container (MXC) runtime and enhancements to the multi-agent vulnerability research system MDASH. MXC is a policy-driven sandbox for specifying and enforcing access to files, networks, credentials, and resources at runtime across Windows, Linux, and macOS. The company also highlighted Agent 365 SDK, Windows 365 for Agents, and two open-source standards—ASSERT and Agent Control Specifications—to govern agent behavior across platforms.
read more →

The AI Defense Plane: Securing Enterprise AI

🛡️ This article explains why AI requires a unified security architecture — the AI Defense Plane — to discover, protect, govern, and assure AI behavior across employees, applications, and agents. It describes how AI becomes an execution layer that can retrieve data, call tools, and take actions, creating risks that traverse traditional security boundaries. The piece emphasizes runtime protection, coordinated enforcement, and continuous testing to prevent prompt-based attacks, data exposure, and unsafe agent behavior.
read more →