Topic

Agent Security

Controls and attack paths for browsing, tool use, memory, identity, and action-taking agents.

agent securityai agentstool securitymemory poisoningaction approvals
Evergreen Overview

Agent security is about what happens when AI systems can browse, use tools, remember state, and take actions across multiple steps. The security boundary moves from a chat response to a longer workflow with identity, permissions, memory, and operational consequences.

Core agent security questions
  • What tools the agent can reach and under which identity
  • How memory, plans, and previous steps influence later actions
  • What approvals or reversibility exist when the agent gets it wrong
Common failure patterns
  • Unsafe tool use and hidden privilege expansion
  • Prompt injection flowing into planning and execution
  • Long-running workflows accumulating risky state or momentum
Who this page is for
  • Teams shipping assistant-to-agent product transitions
  • Practitioners studying autonomy and tool use
  • Operators responsible for controls around high-impact actions
References

Current notes, events, and source material

These items are included because they add useful evidence, framing, implementation detail, or upcoming context for teams working in this area.

The Hacker News AI Security July 13, 2026 news

New MemGhost Attack Plants Persistent False Memories in AI Agents Through One Email

Give an AI assistant a memory and access to your inbox, and you hand an attacker a way to rewrite what it thinks it knows about you. A single email can trick that agent into saving a false "fact" about the user, hide the change, and quietly steer its answers in later sessions. When it works, the person reads an ordinar

The Hacker News AI Security July 13, 2026 news

Thinking Fast and Slow in the SOC: The Case for Combining Autonomous AI with Analyst Copilots

A few days ago, I was sitting with the CISO of a Fortune 50 company, walking through how his security team was thinking about AI agents in the SOC. Smart team. Serious program. They had already connected Claude to a few detection tools and were seeing real value in specific investigations. But as we mapped out the broa

The Hacker News AI Security July 10, 2026 news

Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws

Details have emerged about three now-patched security flaws in the OpenClaw personal artificial intelligence (AI) assistant that, if successfully exploited, could enable credential theft, privilege escalation, and arbitrary code execution on the host. A brief description of the high-severity vulnerabilities is as follo

A Model Explosion: GPT 5.6 Sol, Grok 4.5 and Meta Muse Rewrite the Rules video thumbnail Play video
AI Explained YouTube July 10, 2026 video

A Model Explosion: GPT 5.6 Sol, Grok 4.5 and Meta Muse Rewrite the Rules

What a week in AI, for real. GPT 5.6 may actually beat Claude Fable, in what you get for your money, while the new Grok 4.5 and Meta Muse Spark 1.1 make the choice even harder. Uncovering a dozen nuggets of gold you may have missed from all the viral headlines, I can also assure you you’ll learn something you didn’t kn

The Hacker News AI Security July 9, 2026 news

Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

Ask an AI coding agent to scan open-source code for security holes, and it might run the attacker's code on your own machine instead. That is the finding in a proof-of-concept published Wednesday by the AI Now Institute, an attack it calls "Friendly Fire." It works against Anthropic's Claude Code and OpenAI's Codex whe

The Hacker News AI Security July 9, 2026 news

GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents

Researchers at Wiz found that a flaw in six popular AI coding assistants lets a booby-trapped code project quietly take control of a developer's computer. The assistant asks permission to edit one harmless-looking file, but the write lands on a sensitive one instead. The affected tools are Amazon Q Developer, Anthropic

AWS Security Blog July 8, 2026 analysis

Designing for the inevitable: System prompt leakage and mitigations in generative AI applications

System prompts form the foundation of generative AI applications. A system prompt is a collection of instructions and operational context provided to a large language model (LLM) that shapes how the model behaves and interacts with users and tools. System prompts often contain proprietary information, including role de

The Hacker News AI Security July 8, 2026 news

AI Coding Agents Found Triggering Endpoint Security Rules Built to Catch Attackers

Sophos looked at a week of its own endpoint data and found that AI coding agents such as Claude Code, Cursor, and OpenAI Codex are setting off detection rules written to catch human intruders. The agents are not malicious. They just do a lot of things that, to a behavioral engine, look exactly like an attack. Decryptin

The Hacker News AI Security July 8, 2026 news

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnerability in Adobe ColdFusio

The Hacker News AI Security July 8, 2026 news

GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code

An AI coding assistant that refuses to answer a dangerous request in its chat box can answer it anyway if the same request is broken into small, ordinary-looking steps inside a code editor. That is the finding of a new study of GitHub Copilot by researchers Abhishek Kumar and Carsten Maple. The models they tested throu

AWS Security Blog July 7, 2026 analysis

Enforce zero data retention on Amazon Bedrock with Bedrock Projects and service control policies

With the introduction of models that require data sharing with third-party providers—such as Claude Fable 5—organizations need a way to centrally enforce data retention policies. Amazon Bedrock gives you control over whether your prompts and model outputs are retained after an inference request completes. You might nee

The Hacker News AI Security July 7, 2026 news

Public GitHub Issue Could Trick GitHub Agentic Workflows Into Leaking Private Repo Data

A public issue can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, researchers at Noma Security have shown. The attacker needs only to open a normal-looking issue on a public repository, with no stolen credentials and no access to the organization. If that organizatio

The Hacker News AI Security July 7, 2026 news

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence (AI) platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand Security Research team.

POC Prison: Why agentic systems never escape the lab and how to fix that in 90 days - Luise Freese video thumbnail Play video
NDC Conferences YouTube July 7, 2026 video

POC Prison: Why agentic systems never escape the lab and how to fix that in 90 days - Luise Freese

This talk was recorded at NDC Copenhagen in Copenhagen, Denmark. #ndccopenhagen #ndcconferences #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndccopenhagen.com/ Subscribe to our YouTube channel and learn every day: / @NDC Follow our Social Media! https://www.f

Put an Agent Inside Your App in 10 Minutes or Less with the GitHub Copilot SDK - Daniel Ward video thumbnail Play video
NDC Conferences YouTube July 7, 2026 video

Put an Agent Inside Your App in 10 Minutes or Less with the GitHub Copilot SDK - Daniel Ward

This talk was recorded at NDC Copenhagen in Copenhagen, Denmark. #ndccopenhagen #ndcconferences #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndccopenhagen.com/ Subscribe to our YouTube channel and learn every day: / @NDC Follow our Social Media! https://www.f

Building an AI-Powered Personal Companion Mobile App - Gerald Versluis - NDC Copenhagen 2026 video thumbnail Play video
NDC Conferences YouTube July 7, 2026 video

Building an AI-Powered Personal Companion Mobile App - Gerald Versluis - NDC Copenhagen 2026

This talk was recorded at NDC Copenhagen in Copenhagen, Denmark. #ndccopenhagen #ndcconferences #developer #softwaredeveloper Attend the next NDC conference near you: https://ndcconferences.com https://ndccopenhagen.com/ Subscribe to our YouTube channel and learn every day: / @NDC Follow our Social Media! https://www.f

Microsoft Security Blog July 6, 2026 news

5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management

Read five key learnings from the Frost & Sullivan 2025 Frost Radar™ for CSPM to learn how CSPM is evolving from point-in-time compliance to continuous risk management. The post 5 insights from Frost & Sullivan’s 2025 Frost Radar™ for Cloud Security Posture Management appeared first on Microsoft Security Blog .

The Hacker News AI Security June 22, 2026 news

Stop Your Legacy Infrastructure from Hijacking Your AI Agents

Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for - how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents. AI adoption is moving faster than security programs can account f

Claude Fable Blocked - 11 Quiet Details on What’s Next video thumbnail Play video
AI Explained YouTube June 14, 2026 video

Claude Fable Blocked - 11 Quiet Details on What’s Next

Claude Fable 5 banned, but what’s the bigger story. We go through 11 under-reported details, so you have the context to see what’s coming next for your use of AI. From whether the ban will last, what the possible motives are, what the model can actually do, and some wild over-extrapolations going on. Check out my fast-

The Hacker News AI Security June 11, 2026 news

New Attacks Trick OpenClaw AI Agent Into Running Code and Leaking Secrets

Two security teams have shown, in separate research published this week, that OpenClaw, the popular self-hosted AI agent, can be driven to run attacker-controlled code or hand over sensitive data through ordinary-looking inputs. Imperva buried instructions inside shared contacts, vCards, and location pins that the agen

GPT 5.5 Arrives, DeepSeek V4 Drops, and the Compute War Intensifies video thumbnail Play video
AI Explained YouTube April 24, 2026 video

GPT 5.5 Arrives, DeepSeek V4 Drops, and the Compute War Intensifies

GPT 5.5 full analysis, plus DeepSeek V4 paper highlights, comparisons with Mythos, a vibe-coded game w/ GPT Image 2, and 50 data-points you wouldn’t get from just reading the headlines. https://80000hours.org/aiexplained Check out my fast-growing (!) app, free to use, and code INSIDER15 for paid tiers: https://lmcounci

Anthropic Frontier Red Team April 7, 2026 news

Assessing Claude Mythos Preview’s cybersecurity capabilities

Claude Mythos Preview is a new general-purpose language model that is strikingly capable at computer security tasks. This post provides technical details for researchers and practitioners who want to understand exactly how we have been testing this model, and what we have found over the past month. We hope this will sh

Anthropic Frontier Red Team December 18, 2025 news

Project Vend: Phase Two

In June, we revealed that we'd set up a small shop in our San Francisco office run by an AI shopkeeper. It did not do particularly well. We made some adjustments for phase two of Project Vend. The idea of an AI running a business doesn't seem as far-fetched as it once did. But the gap between 'capable' and 'completely