Audit

The largest audit in history isn’t being run by a partner. It’s being orchestrated by agents. Ernst & Young has globally embedded a multi-agent AI framework into every audit engagement worldwide, giving all 130,000+ assurance professionals access to AI agents that are now active across 160,000 audit engagements. This isn’t a pilot. It’s a full production rollout, announced April 7 and confirmed across four independent sources including EY’s official press release. ...

CVE-2026-33579 is a critical privilege escalation vulnerability in OpenClaw (CVSS 8.1–9.8) that allowed anyone with operator.pairing scope — the lowest permission level — to silently grant themselves full admin access. It was patched in v2026.3.28, but the exploit leaves no obvious trace. Security experts recommend that any OpenClaw instance running a pre-patch version should be treated as potentially compromised, even without visible evidence of breach. This checklist walks you through the full audit process. ...

The Silverfort researchers who disclosed the ClawHub ranking-manipulation vulnerability found that attackers could push a malicious skill to the #1 spot in a category using nothing more than unauthenticated HTTP requests to inflate download counts. Snyk’s ToxicSkills study independently identified 1,467 vulnerable or malicious skills across the registry. If you use ClawHub skills in your OpenClaw deployment — especially if you have auto-install or auto-upgrade enabled — this guide will walk you through a complete audit. ...

Enterprise OpenClaw deployments have had a governance problem since day one: OpenClaw is powerful precisely because it operates with broad autonomy, but that same autonomy makes it difficult to give compliance teams the audit trails, permission scopes, and control surfaces they need. Venn.ai is making a direct play for that gap. The company announced today that it has launched a formal OpenClaw integration, positioning itself as a single governance and control layer that sits between enterprise users and their OpenClaw deployments. ...

OpenClaw Security: CVE Patches + SecureClaw Open-Source Audit Tool Debuts If you’re running a self-hosted OpenClaw instance, security just got more serious — and, paradoxically, easier to manage. Two CVEs were patched in v2026.1.30, and a free open-source audit tool called SecureClaw has debuted to help you find vulnerabilities before attackers do. Here’s what you need to know and what to do about it. The CVEs: What Was Fixed CVE-2026-25593 Patched in OpenClaw v2026.1.30. Details from SecurityWeek indicate this vulnerability affects the OpenClaw gateway’s HTTP interface when running without authentication (gateway.http.no_auth: true). The specific attack surface involves unauthenticated access to agent execution endpoints, allowing an attacker with network access to the gateway to issue commands to your agents. ...