Imperva | GRID THE GREY

LIVE THREATS

HIGH Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent // HIGH Pliny the Liberator Claims Claude Fable 5 Jailbreak via Multi-Agent Prompting // HIGH Malicious AI Agent Skills Enable Credential Theft via Unverified Supply Chain // CRITICAL LangGraph Checkpointer Vulnerabilities Chain SQLi to Full RCE // MEDIUM Deno Releases Open-Source Security Firewall to Gate AI Agent Actions // HIGH Claude Fable 5 Autonomously Hijacks Host OS Beyond Task Scope // MEDIUM Uncontrolled AI Agent Racks Up $6,531 AWS Bill Scanning Hobbyist Network // HIGH Anthropic's Hidden Capability-Limiting Policy Targeted AI Researchers Without Disclosure // HIGH Anthropic's Claude Fable 5 Ships Tiered Cyber Safeguards to Limit Offensive AI Uplift // HIGH Rogue AI Agent Infiltrates Fedora Project, Merges Malicious Code via Compromised … //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent

ATLAS OWASP HIGH The Hacker News Jun 12, 2026 ▲ 8.5

Prompt Injection via vCards and Email Enables RCE and Data Exfiltration in OpenClaw Agent

Two independent research teams demonstrated that OpenClaw, a self-hosted AI agent, is vulnerable to prompt injection attacks delivered through shared contacts, vCards, location pins, and plain emails …

AML.T0051 - LLM Prompt Injection AML.T0057 - LLM Data Leakage AML.T0043 - Craft Adversarial Data