Security

CVE-2026-32211 is a CVSS 9.1 information disclosure vulnerability in Azure MCP Server. Missing authentication allows unauthenticated attackers with network access to read sensitive data — API keys, agent tokens, and data source credentials the MCP server manages. No credentials required to exploit. No prior access needed. This guide walks through the immediate mitigation steps while an official patch is pending, and the longer-term hardening practices that should apply to any MCP server deployment. ...

The governance infrastructure for autonomous AI agents has lagged badly behind the deployment infrastructure. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry made it remarkably easy to ship agents that book travel, execute financial transactions, write and run code, and manage cloud infrastructure — all without human sign-off at each step. The guardrails came after, bolted on, or not at all. Microsoft just dropped what might be the most comprehensive attempt to fix that: the Agent Governance Toolkit, open-sourced and available now across Python, TypeScript, Rust, Go, and .NET. ...

Traditional Privileged Access Management was built around a simple premise: human users need elevated access sometimes, so we vault those credentials, require checkout, and log who used what when. It works reasonably well for humans, who operate on human timescales, request access explicitly, and can be held accountable by name. AI agents operate differently. They access dozens of systems in parallel, at machine speed, for tasks that were authorized in general but not pre-approved in each specific instance. The traditional PAM model — vault credentials, check them out, check them back in — doesn’t map cleanly onto an agent that makes 200 API calls in thirty seconds across five different systems. ...

On the same day that two critical OpenClaw vulnerabilities are making headlines, a partnership announcement hits the timing perfectly: Highflame and Tailscale have announced an integration that brings real-time security evaluation to AI agent and MCP (Model Context Protocol) interactions — at the network layer, without requiring code changes. The timing is almost too on the nose. But the underlying problem this partnership addresses is real and growing. The Problem: Agentic AI’s Security Gap Modern AI agent frameworks — OpenClaw, MCP-based systems, enterprise Copilot deployments — generate a constant stream of interactions between language models, tools, APIs, and external services. Each of those interactions is a potential attack vector. ...

If you’re running OpenClaw on any version before 2026.3.28, stop reading and go update. Right now. We’ll be here when you get back. For everyone else: here’s what happened, why it’s serious, and exactly how to verify you’re protected against two freshly disclosed critical vulnerabilities: CVE-2026-33579 and CVE-2026-34426. What Are These Vulnerabilities? CVE-2026-33579 — Privilege Escalation via /pair approve (CVSS 8.1–9.8) This is the big one. Rated between 8.1 and 9.8 out of 10 on the CVSS scale, CVE-2026-33579 allows an attacker who holds operator.pairing scope — the lowest meaningful permission in an OpenClaw deployment — to silently approve device pairing requests that ask for operator.admin scope. ...

BREAKING — An inadvertent data leak from Anthropic has revealed the existence of an unreleased model called Claude Mythos, described internally as a “step change” in capabilities. CNN Business broke the story this morning. Security experts are already sounding the alarm. What We Know About Claude Mythos The model name surfaced through an Anthropic data leak — the specifics of which Anthropic has not fully disclosed. What’s clear from the Benzinga reporting is that: ...

When the Claude Code source code leaked on March 31, 2026 via a poorly secured npm .map file, most attention focused on the embarrassment for Anthropic. Less discussed: the malware campaigns that were already being built on top of that leak within hours. As of today, threat actors are actively distributing Vidar infostealer malware and GhostSocks proxy through fake GitHub repositories designed to look like legitimate Claude Code forks. If you’ve been searching for Claude Code on GitHub in the last 48 hours, you may have encountered these repos. ...

The Claude Code source code leak of March 31, 2026 created an immediate security hazard: threat actors began distributing Vidar infostealer malware through convincing fake GitHub repositories within 24 hours. If you’ve cloned any Claude Code fork from an unofficial source since then, this guide is for you. This is a practical, step-by-step walkthrough for: Verifying whether you downloaded a legitimate or fake Claude Code repo What to do if you ran a malicious installer How to protect yourself going forward Step 1: Verify the Repository You Downloaded Check the GitHub organization The only legitimate Claude Code repository is under the official Anthropic GitHub organization: ...

The open-source AI agent framework that conquered the internet in four months is now facing its most serious security reckoning yet. A comprehensive study published March 31 by Web3 security firm CertiK paints a stark picture: OpenClaw has accumulated over 100 CVEs and 280 security advisories since its release, with more than 135,000 internet-exposed instances actively leaking credentials — and a malware-infested skills marketplace that’s quietly targeting user wallets. The Architectural Problem Nobody Wanted to Talk About OpenClaw was originally designed for trusted local environments. You ran it on your laptop, it had access to your files and accounts, and that was fine because it was your machine. ...

The CertiK study published today identified 135,000 internet-exposed OpenClaw instances with systemic security failures: authentication disabled, API keys in plaintext, malware in the skills store. Most of those deployments weren’t the result of malicious intent — they were the result of setting up OpenClaw following the default quick-start guide and then opening it to the internet. This guide is the one you should follow instead. It covers a complete, production-grade VPS deployment of OpenClaw v2026.4.1 with the security hardening necessary to run it safely on a public-facing server. ...