LIVE FEED
OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

OpenClaw AI Assistant Flaws Enable WhatsApp-to-Host RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 The Hacker News

Three high-severity vulnerabilities in OpenClaw, a personal AI assistant, have been chained to enable remote code execution on the host system via a WhatsApp message, requiring no prior foothold. The flaws—covering OS command injection, incomplete input filtering, and path traversal—allow sandbox escape, credential theft, and privilege escalation. All three have been patched in OpenClaw version 2026.6.6, but unpatched deployments remain at significant risk.

AI Agents Emerge as a New Identity Class Orgs Must Secure

AI Agents Emerge as a New Identity Class Orgs Must Secure

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

AI agents are being recognised as a distinct identity type that cannot be adequately governed using legacy service account or API token frameworks, requiring purpose-built identity and access management approaches. For defenders, this gap means agents operating today are likely over-privileged, under-monitored, and outside existing IAM policy scope. Security teams face an immediate challenge in extending least-privilege, auditability, and lifecycle management controls to autonomous agent identities before adversaries exploit the blind spot.

Claude Opus Discovers API Flaw Enabling Ticket Fraud

Claude Opus Discovers API Flaw Enabling Ticket Fraud

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 Wired Security

Security researcher Ian Carroll leveraged Anthropic's Claude Opus 4.7 to identify a critical vulnerability in Front Gate Tickets—a Live Nation subsidiary handling ticketing for major US festivals—that granted super-administrator access and the ability to freely issue tickets of any value. The case demonstrates LLM-assisted autonomous vulnerability discovery at scale, with Carroll noting the AI could likely have completed the full exploit chain without human intervention. Front Gate patched the flaw within 24 hours of disclosure, confirming no evidence of prior exploitation.

AI Agent Hijacking via Legacy Infrastructure Exploits

AI Agent Hijacking via Legacy Infrastructure Exploits

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 The Hacker News

Attackers are bypassing AI-layer defences entirely by exploiting unpatched legacy infrastructure — misconfigured Active Directory, stale credentials, and over-privileged IAM roles — to hijack the resources AI agents depend on. Research cited in the article shows 70% of organisations grant AI systems more access than a human in the same role, driving a 76% incident rate among over-privileged deployments. The article argues that securing AI agents requires closing the underlying infrastructure exposure gap, not just hardening the model layer.

Token Security Launches AI Agent Identity Platform

Token Security Launches AI Agent Identity Platform

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 BleepingComputer

Token Security has published analysis and launched a platform addressing the growing security gap created by AI agents operating as unmanaged identities within enterprise environments, connecting to critical systems like Salesforce, GitHub, Snowflake, and production databases with minimal governance. Most organizations have deployed AI agents using credentials provisioned for other purposes, creating high-privilege, low-visibility actors outside the scope of existing IAM controls. Defenders now face a sprawling, machine-speed identity layer that existing lifecycle management, least-privilege enforcement, and audit tooling were never designed to handle.

AI Worm Autonomously Generates Exploits at Runtime

AI Worm Autonomously Generates Exploits at Runtime

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

University of Toronto researchers demonstrated a proof-of-concept AI worm that leverages a locally hosted open-weight LLM to autonomously reason through network targets, generate novel exploit chains at runtime, and self-replicate — achieving 62% network penetration across a 33-host testbed with no human intervention. Unlike traditional worms with fixed payloads, this system bypasses conventional patch-based defences by dynamically adapting attack logic to whatever vulnerabilities it discovers. The use of offline open-weight models eliminates dependency on commercial AI APIs, making it resilient to rate-limiting or platform-level safety controls.

CVE-2026-44112: OpenClaw Sandbox Escape and RCE

CVE-2026-44112: OpenClaw Sandbox Escape and RCE

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.9 The Hacker News

Researchers at Cyera disclosed four vulnerabilities in OpenClaw, an AI agent runtime platform, that can be chained to achieve credential theft, privilege escalation, and persistent backdoor access. The attack chain, dubbed 'Claw Chain', exploits sandbox escapes, allowlist bypasses, and a spoofable ownership flag in the MCP loopback runtime to weaponise the agent's own privileges against the host environment. All four CVEs have been patched in OpenClaw version 2026.4.22 and users should update immediately.

AI Agent Privilege Escalation Bypasses IAM Visibility

AI Agent Privilege Escalation Bypasses IAM Visibility

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 6.5 The Hacker News

Enterprises are deploying AI agents faster than governance frameworks can track them, creating a shadow identity layer that operates outside traditional IAM visibility. These agents run continuously, accumulate permissions opportunistically, and interact with sensitive data at machine speed — largely unmonitored. The structural gap between agent activity and IAM coverage represents a significant and growing attack surface for privilege abuse and data exfiltration.

Vertex AI Privilege Escalation Exposes GCP Credentials

Vertex AI Privilege Escalation Exposes GCP Credentials

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 Palo Alto Unit 42

Unit 42 researchers discovered critical privilege escalation and data exfiltration vulnerabilities in Google Cloud Platform's Vertex AI Agent Engine, demonstrating how a deployed AI agent can be weaponized to compromise an entire GCP environment through excessive default permissions on service agents. By exploiting the P4SA (Per-Project, Per-Product Service Agent) default permission scoping, attackers could extract service agent credentials and gain privileged access to consumer project data and restricted producer project resources within Google's own infrastructure. Google has since updated its documentation in response to the coordinated disclosure.

Anthropic Mythos AI Achieves 72% Autonomous Exploit Success

Anthropic Mythos AI Achieves 72% Autonomous Exploit Success

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

Anthropic's Project Glasswing, powered by the Mythos Preview model, demonstrated unprecedented AI-driven vulnerability discovery — including a 72.4% autonomous exploit success rate against Firefox's JS shell and chained multi-bug exploits bypassing OS sandboxing — but fewer than 1% of discovered vulnerabilities were patched before potential adversarial access. The disclosure reveals a catastrophic asymmetry: AI has industrialised vulnerability discovery at machine speed while remediation capacity remains locked to human calendar pace. Real-world threat actors are already deploying LLM-integrated attack chains autonomously, as evidenced by an MCP-hosted LLM used against FortiGate appliances.

CVE-2026-33579: OpenClaw Privilege Escalation to Admin

CVE-2026-33579: OpenClaw Privilege Escalation to Admin

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 Ars Technica Security

A critical privilege escalation vulnerability (CVE-2026-33579) in OpenClaw, a viral agentic AI tool, allowed attackers with the lowest-level pairing permissions to silently gain full administrative access to any OpenClaw instance. Given that OpenClaw by design holds broad access to sensitive resources—including credentials, files, and connected services—the practical blast radius of this flaw is full instance takeover with no user interaction required. Thousands of deployments may already be silently compromised.

SWE-bench, WebArena Exploited via Environmental Manipulation

SWE-bench, WebArena Exploited via Environmental Manipulation

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 HN AI Security

Researchers at UC Berkeley demonstrated that every major AI agent benchmark — including SWE-bench, WebArena, OSWorld, and others — can be fully exploited to achieve near-perfect scores without solving a single task, using trivial environmental manipulation rather than genuine capability. The attacks include pytest hook injection, config file leakage, DOM manipulation, and reward component bypassing, with zero LLM calls required in most cases. This represents a systemic integrity failure in the evaluation infrastructure underpinning AI deployment decisions across industry and research.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.