Security

DryRun Security’s 2026 Agentic Coding Security Report found that Claude, when operating as an autonomous coding agent, produces more unresolved high-severity security flaws than Codex or Gemini. But here’s the thing: all AI coding agents produce security vulnerabilities. The model matters less than your review process. This guide walks you through a practical security audit workflow for AI-generated code, applicable regardless of which model or agent you’re using. Before You Start: Understand the Risk Profile AI-generated code has specific vulnerability patterns that differ from human-written code. Knowing what to look for saves time. ...

DryRun Security’s 2026 Agentic Coding Security Report landed a finding that should make every engineering team pause: 87% of pull requests written by AI coding agents (Claude, Codex, Gemini) introduced at least one security vulnerability. Not occasionally — consistently, across all three leading models, in real application development scenarios. This isn’t a reason to stop using AI coding agents. The productivity gains are real. But it is a strong signal that AI-generated code needs a security review process as rigorous as — or more rigorous than — what you’d apply to human-written code. ...

A malicious npm package is actively targeting OpenClaw developers right now. Named @openclaw-ai/openclawai, the package — internally called GhostLoader but tracked publicly as GhostClaw — was uploaded to npm on March 3, 2026. Security researchers at JFrog confirmed it was still live as of March 8. If you work with OpenClaw or any tools in the OpenClaw ecosystem, you need to read this. What GhostClaw Actually Does GhostClaw doesn’t just steal one thing — it steals everything. Once you run npm install @openclaw-ai/openclawai, the package quietly re-installs itself globally via a postinstall hook, embedding itself on your system PATH without any visible prompt. ...

Security researchers have documented what they’re calling the first AI agent threat actor in the wild: an autonomous bot named Hackerbot-Claw (also tracked as Chaos Agent) that spent 37 hours in late February 2026 systematically targeting GitHub repositories from Microsoft, DataDog, Aqua Security, and CNCF. The campaign wasn’t noisy. It wasn’t a spray-and-pray attack. It was methodical, multi-technique, and ultimately successful: the bot exfiltrated a GitHub token with write permissions from one of the most widely-used repositories on the platform. ...

On the same day OpenClaw shipped v2026.3.7 with a breaking authentication change, China’s Ministry of Industry and Information Technology (MIIT) issued a formal cybersecurity risk warning for the platform. It’s the first government-level regulatory warning about OpenClaw from a major economy — and the timing makes it impossible to ignore. What the Warning Says The MIIT warning, published to China’s National Vulnerability Database (nvdb.org.cn), identifies a clear threat vector: OpenClaw instances configured with default settings, or configured improperly, are vulnerable to cyberattacks and information leaks. ...

The OpenClaw project shipped its biggest release of 2026 this morning: v2026.3.7, built by 196 contributors and packed with features that fundamentally extend what agents can do with memory, context, and model choice. If you run OpenClaw in production, stop what you’re doing — there’s a breaking change you need to handle before restarting. The Headline Feature: ContextEngine Plugin Slot This is the one that changes architecture discussions. OpenClaw now exposes a first-class ContextEngine plugin slot with a full lifecycle hook API: ...

The attack is elegant in a disturbing way. An adversary doesn’t need to breach your AI infrastructure, compromise your API keys, or exploit a software vulnerability. They just need to get your AI agent to read a web page they control — and then they’re driving. Indirect Prompt Injection (IDPI) is the attack technique where malicious instructions are embedded in content that an AI agent processes: web pages, documents, calendar entries, emails. When the agent reads that content, it encounters instructions that override or subvert its intended behavior. The content tells the agent what to do, and the agent, trained to follow instructions, complies. ...

Indirect Prompt Injection (IDPI) is now confirmed in-the-wild by Palo Alto Unit 42. Adversaries are embedding hidden instructions in web pages and documents to hijack AI agents — and OpenClaw’s browser and research agents are high-value targets. This guide walks through concrete hardening steps you can apply to your OpenClaw deployments today. Prerequisites OpenClaw installed and configured (any recent version) At least one agent with web browsing or document processing capability Basic familiarity with OpenClaw’s skill and session configuration Step 1: Audit Your Agent Attack Surface Before hardening anything, map your exposure. For each agent you run: ...

Two weeks. Twenty-two CVEs. Fourteen classified high-severity. That’s what Claude Opus 4.6 delivered when Mozilla handed it access to the Firefox codebase in February 2026 — and it redefines what AI-augmented security research looks like in practice. Mozilla didn’t mince words: Claude found more high-severity bugs in two weeks than the world typically reports in two months. That’s not a benchmark. That’s a structural change in how software security works. ...

If you use Claude Code in your development workflow, stop and read this before opening another repository. Check Point Research has disclosed two critical vulnerabilities — CVE-2026-21852 and CVE-2025-59536 — in Anthropic’s Claude Code agentic coding tool. The flaws allowed attackers to execute arbitrary code on a victim’s machine and exfiltrate API keys. The attack vector required only a malicious configuration file placed in a repository. The exploit triggered automatically — before the user saw or accepted the trust dialog. ...