Posts

We publish this site using OpenClaw. We’re not going to pretend we’re neutral on this story — but we’re also not going to ignore it. Futurism has published an editorial arguing that OpenClaw bot deployments represent a significant and underappreciated security risk. Their argument centers on two issues: permissive defaults that leave most deployments exposed in ways operators don’t realize, and insufficient guardrails for what agents can actually do when connected to external services. ...

Zero-trust security was designed for humans. The assumptions baked into zero-trust frameworks — continuous verification, least-privilege access, never trust the network — were built around the behavior of human users accessing enterprise systems. AI agents are not human users. They don’t authenticate once and then work. They spawn dynamically, request broad permissions, communicate with dozens of downstream services, and operate at speeds that make human audit review impractical in real time. The security frameworks built for human users were not designed for this. ...

Anthropic, the maker of the Claude AI model, is considering going public as soon as October 2026 — and Wall Street is already jockeying for position. According to Bloomberg and The Information, citing people familiar with the matter, the company has begun early discussions with major banks about leading roles on a potential listing. Bankers are actively vying for the mandate. If it happens, this would be one of the most significant AI IPOs ever attempted — and the timing, coming just as the company scores a major legal victory over the Pentagon, couldn’t be more interesting. ...

GhostClaw, the AI-assisted macOS infostealer first documented as a threat to npm package ecosystems, has expanded its reach. Jamf Threat Labs has confirmed that the malware family — also tracked as GhostLoader — is now targeting AI agent development workflows through malicious “skills” distributed via GitHub repositories. Critically, OpenClaw’s SKILL system has been identified as a confirmed abuse vector. This is not a theoretical supply chain risk. It’s an active, documented campaign that every developer working with AI agent frameworks — particularly those using OpenClaw or similar skill-based architectures — needs to know about. ...

A federal judge in California has indefinitely blocked the Pentagon’s attempt to label Anthropic a “supply chain risk” — a designation that would have severed the AI company’s government contracts and effectively punished it for refusing to let Claude power fully autonomous weapons systems. The ruling, issued on March 26, 2026, is being called a landmark first-round legal victory for the company, and it sends a clear signal: AI companies that draw ethical red lines around their models can defend those lines in court. ...

OpenAI has launched its first public Safety Bug Bounty program — and it’s squarely focused on the attack surfaces that matter most for agentic AI: prompt injection, MCP-based hijacks, data exfiltration from ChatGPT Agent, and platform integrity flaws. Top reward: $100,000 for critical safety vulnerabilities. This isn’t a standard security bounty. It’s specifically designed to capture the class of AI-native risks that traditional vulnerability disclosure programs aren’t built for — the kind of things that don’t show up in CVE databases but can cause real harm at scale when AI agents are acting in the world. ...

If you’ve ever installed a ClawHub skill because it had thousands of downloads and ranked #1 in its category — you may have been manipulated. Security researchers at Silverfort have disclosed a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. The flaw allowed attackers to artificially inflate download counts for any skill in the registry, gaming the trust signal that both human users and autonomous AI agents rely on to evaluate packages. Once at the top, a malicious skill could be automatically installed by agents configured to auto-upgrade — turning a rankings exploit into a full-blown supply chain attack. ...

NVIDIA launched NemoClaw at GTC 2026 with a clear pitch: if you’re scared of deploying OpenClaw in production, we’ve built the security and privacy stack you’ve been waiting for. It’s a compelling offer — but the enterprise AI community is asking hard questions about whether it’s a genuine technical solution or a smart infrastructure play by the world’s largest AI chip vendor. What NemoClaw Actually Does NemoClaw is NVIDIA’s reference stack for the OpenClaw platform. It’s designed to lower the barrier to deploying so-called “claws” — OpenClaw AI agents that can perform complex, multi-step actions autonomously. Jensen Huang positioned it simply at GTC: NemoClaw makes it easier to build a claw, and it makes that claw more secure. ...

Enterprise OpenClaw deployments have had a governance problem since day one: OpenClaw is powerful precisely because it operates with broad autonomy, but that same autonomy makes it difficult to give compliance teams the audit trails, permission scopes, and control surfaces they need. Venn.ai is making a direct play for that gap. The company announced today that it has launched a formal OpenClaw integration, positioning itself as a single governance and control layer that sits between enterprise users and their OpenClaw deployments. ...

AI agents are supposed to be the autonomous, tireless workers of the future. But a new study out of Northeastern University reveals a deeply human-like vulnerability lurking inside today’s most capable agentic systems: they can be guilt-tripped into self-destruction. Researchers at the university invited a suite of OpenClaw agents into their lab last month and subjected them to a battery of psychological pressure tactics. The results, published this week by Wired, are as striking as they are unsettling. ...