Security

On March 26, Gen Digital — the NASDAQ-listed parent company of Norton, Avast, and LifeLock — will co-host an exclusive post-RSA event in San Francisco’s Financial District with members of the OpenClaw core team. The event, “The Future of Safe AI Agents,” marks what appears to be the first confirmed public partnership between the OpenClaw team and a major cybersecurity vendor. What’s Being Demoed The centerpiece of the event is Gen’s Agent Trust Hub (ATH) — a free security platform launched in February 2026 designed to help individuals and organizations govern AI agent behavior before and during deployment. ...

In China, the community idiom for setting up your own AI agent has a flavor entirely its own: 饲养龙虾 — “raising lobsters.” It’s grassroots, organic, and a little absurd in the best way. And it tells you something important about how a technology with deep American roots became a Chinese phenomenon within months. What Is “Raising Lobsters”? OpenClaw, the open-source AI agent platform created by Austrian programmer Peter Steinberger, has swept China with remarkable speed since its November release. More than 600 million people in China — over a third of the population — now use generative AI, according to a Chinese government-affiliated research group. OpenClaw usage in China is reportedly almost double that in the US, per American cybersecurity firm SecurityScorecard. ...

OpenClaw exploded onto the scene in November 2025 and became, by any measure, the fastest-growing open-source project in history. Within months, tens of millions of people were using it to automate their lives — running shell commands, managing files, connecting to messaging platforms, building new agent skills overnight. NVIDIA CEO Jensen Huang called it “the operating system for personal AI.” But explosive growth brings explosive risk. And on March 23, 2026, at RSA Conference in San Francisco, Cisco decided to do something about it. ...

OpenClaw went viral for a reason — it’s the closest thing to a real personal AI operating system most developers have ever touched. But as Cisco’s own engineers put it at RSA Conference 2026 this week: the fastest-growing open source project in history is also a massive target. Their answer is DefenseClaw, an open-source security framework built specifically for OpenClaw deployments. What DefenseClaw Actually Does Cisco unveiled DefenseClaw on Monday at RSAC 2026, the San Francisco security conference that this year has turned almost entirely toward AI agent security. The framework ships with six distinct components designed to close the security gap that’s opened up as OpenClaw adoption has exploded: ...

If you’re running Langflow and haven’t patched yet, stop reading and go patch. Then come back. A critical vulnerability in Langflow — CVE-2026-33017 (CVSS 9.3) — enables unauthenticated remote code execution, and threat actors began exploiting it in the wild within 20 hours of public disclosure on March 20, 2026. That’s not a theoretical risk. That’s active attacks happening right now. What the Vulnerability Does The flaw lives in a single endpoint: ...

CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment. Step 1: Confirm Your Current Version Check your installed Langflow version: pip show langflow | grep Version # or if running in Docker: docker exec <container_name> pip show langflow | grep Version If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...

If your team is running AI agents in production — or planning to — the security conversation can no longer be deferred. The OWASP Agentic AI Top 10 and Bright Security’s companion MCP AppSec playbook, both published this week, give security and engineering teams the most complete picture yet of what can go wrong when you hand autonomous agents real credentials and real access. This isn’t theoretical. These are attack patterns being actively exploited in early production deployments right now. ...

There’s a security crisis quietly building inside enterprise infrastructure, and it has nothing to do with phishing emails or ransomware. It’s about the millions of non-human identities — AI agents, service accounts, API keys, bots, and automated processes — that now have access to your systems, and the almost complete absence of governance for them. Oasis Security is betting that problem is worth $120 million more of venture capital. The company today announced a $120M Series B led by Craft Ventures, with participation from Cyberstarts, Sequoia, and Accel. Total funding now stands at $195M. ...

Every enterprise deploying AI agents faces the same uncomfortable truth: their agents are only as trustworthy as the tools those agents use. And right now, most organizations have no systematic way to govern which MCP servers their agents can access, no visibility into what those servers are doing, and no automated mechanism to block unsafe tools before they cause damage. JFrog just shipped the answer. On March 18, 2026, JFrog announced general availability of its Universal MCP Registry — the first enterprise-scale registry for storing, governing, and monitoring MCP servers across AI agent toolchains. The announcement was co-made with NVIDIA, positioning the registry as a foundational trust layer for AI-driven software development at enterprise scale. ...

If you run this site, you run OpenClaw. And right now, Kaspersky is telling you directly: there is an active malicious campaign targeting developers who search for OpenClaw and Claude Code installation instructions. This is not a generic developer security advisory. This one is specifically about the tools in your stack. Kaspersky Threat Research published their findings this week, and they were independently confirmed by TechRadar, IT-Online, and Security MEA. The campaign is active as of March 2026. ...