Agent-Security

On the same day that Meta confirmed its first rogue-agent Sev 1 security incident, NVIDIA dropped the tool that the enterprise world arguably needed yesterday: OpenShell, an open-source secure runtime environment for autonomous AI agents. Released under Apache 2.0 as part of the NVIDIA Agent Toolkit at GTC 2026, OpenShell is designed to put a hard enforcement layer between an agent and everything it shouldn’t touch. The timing is not a coincidence. Enterprise AI teams are deploying agents that can execute code, read file systems, and make network calls — and the governance infrastructure for those capabilities is, in most organizations, significantly behind the capability itself. OpenShell is an attempt to close that gap at the runtime level. ...

OpenAI just made its most important security acquisition yet. On Monday, the company announced it’s acquiring Promptfoo, the AI security startup that’s quietly become essential infrastructure for testing LLM vulnerabilities — used by over 25% of Fortune 500 companies and 125,000 developers worldwide. The price tag wasn’t disclosed, but the strategic message is crystal clear: as AI agents move from demo-day toys to production infrastructure, OpenAI is making a direct bet that security tooling needs to be built into the platform itself. ...

On the same day that Oasis Security disclosed a critical vulnerability chain in OpenClaw, and an MIT study found that most agentic AI systems have no documented shutdown controls, a credible new open-source project arrived that addresses both problems at the design level. IronCurtain — published today by Niels Provos, a security researcher with serious credentials (he’s known for work on OpenSSH and honeypot research) — is a model-independent security wrapper for LLM agents that enforces behavioral constraints without requiring changes to the underlying model. ...