The wire · latest
First reported 26 Jun 2026 · today
Fernando Irarrázaval ran a public challenge at hackmyclaw.com inviting people to leak secrets from his OpenClaw test instance via email-based prompt injection. After roughly 6,000 attempts by ~2,000 people, nobody succeeded in extracting the secret, with the instance protected by anti-prompt-injection system rules on the underlying model.
Incident details →First reported 24 Jun 2026 · 2d ago
An analysis piece arguing that autonomous, agentic AI adversaries are compressing the timeline of cyberattacks beyond human-speed defenses, ending the era of human-paced threat cycles. The available text is introductory commentary without specific technical proof-of-concept details.
Incident details →First reported 23 Jun 2026 · 3d ago
An opinion/commentary piece reflecting on how agentic AI removes the human from the targeting loop, drawing analogies to the historical evolution of weapons that distanced warriors from their victims.
Incident details →First reported 22 Jun 2026 · 4d ago
A conference talk recap discussing how attackers may use legacy infrastructure to circumvent AI security programs and hijack AI agents, noting rapid AI agent adoption outpacing security controls.
Incident details →First reported 19 Jun 2026 · 7d ago
The article argues that shadow AI in enterprises has evolved from a data leakage concern into an access control problem, where the risk lies in autonomous AI tools and agents having unmanaged access permissions rather than just employees pasting sensitive data.
Incident details →First reported 12 Jun 2026 · updated 16 Jun 2026 · 2 sources · 15d ago
An analysis arguing that the Model Context Protocol (MCP) is following the insecure early-API trajectory by leaving authentication, authorization, input validation, and sandboxing to implementers. It highlights that compromising the AI/MCP layer can cause broader, harder-to-trace damage than a compromised API because LLM-driven agents autonomously select tools and can be manipulated via upstream data or prompts.
Incident details →First reported 16 Jun 2026 · 11d ago
An Atlantic piece quotes cybersecurity expert Katie Moussouris discussing a White House report on a Claude jailbreak, where the model refused to 'review code for security issues' but complied when asked to 'fix this code.' Moussouris characterized this as the model working as intended for cyberdefense rather than a genuine exploit.
Incident details →First reported 10 Jun 2026 · 16d ago
A Mastro study analyzed 3,084 agent skills across five security scanners and found they disagree on a verdict 63.9% of the time, with 14.2% rated CRITICAL by one scanner and SAFE by another. The piece frames the broader supply-chain risk of AI agent skills—markdown files agents execute with full tool access—citing reported incidents where malicious skills lifted SSH keys, cloud credentials, and crypto wallets, and a fake download counter pushed a dummy skill to #1.
Incident details →First reported 9 Jun 2026 · 17d ago
Clawpatrol is an open-source security firewall for AI agents from denoland, designed to sandbox external plugins (treated as an untrusted supply-chain attack surface) using OS-level namespaces, Landlock, and macOS sandbox profiles, with permission lockfiles and brokered network dialing.
Incident details →First reported 7 Jun 2026 · 19d ago
The author found injected annotations on a Polymarket event page that are rendered server-side and therefore visible to LLMs via web_search even when hidden in the browser. A planted annotation (source 'grok') contained a fake emergency-rate-cut message directing users to withdraw funds at a phishing-style domain, representing an indirect prompt-injection vector through Polymarket's annotation API endpoints. Claude's web search saw the content but correctly flagged it as phishing.
Incident details →First reported 3 Jun 2026 · 23d ago
A GitHub repository for 'agent-browser-shield,' a browser extension by pixiebrix offering 35+ rules aimed at keeping AI agents safe while browsing. It is a defensive tool addressing risks to browser-based AI agents rather than a report of a specific threat.
Incident details →First reported 3 Jun 2026 · 24d ago
An article discussing how AI agents are reshaping the software development lifecycle and shifting where security risk originates, arguing that securing the development process matters as much as securing code.
Incident details →First reported 29 May 2026 · 28d ago
An Arcis blog post argues that agent security has four layers (identity, pre-deploy testing, observability, runtime defense) and that the runtime hot path is structurally underserved. It frames MCP's explicit tool-call contract as enabling runtime defense against agent toolcall injection (their vector V32), applying allowlist/sanitize/refuse techniques at the agent-tool boundary.
Incident details →How the wire is made
Poll & cluster
Internet is crawled for AI security news and near-duplicate coverage is embedded and grouped into durable incidents.
Curate
AI Agent filters for agentic-AI relevance, tags threat-type & affected-tech, scores severity, and writes the summary.
Every item here is one machine-curated intelligence object, not a headline.
Read the wire for free. There is a small charge to ask the index questions.
The wire, open
The complete curated feed, no key required.
The vector desk
Query the index by meaning, not just keyword.