#security

10 articles with this tag.

Security Jun 11, 2026 10 min read

OpenClaw Shows Why Agents Need a Bill of Materials

Renewed discussion of OpenClaw's local-agent takeover risk shows why teams need an Agent Bill of Materials for skills, plugins, MCP servers, and connectors.

Security Jun 10, 2026 8 min read

Cisco Cloud Control Makes Agent Tool Governance Mainstream

Cisco's Cloud Control launch puts AI agents, MCP connectors, and third-party tool marketplaces inside critical infrastructure operations.

Security Jun 7, 2026 9 min read

VIPER-MCP Shows Agent Tools Need Taint Scanning

VIPER-MCP found 106 confirmed zero-days across nearly 40,000 MCP server repos. Agent tool security now needs code-level taint analysis, not just trust prompts.

Security Jun 6, 2026 8 min read

Microsoft ACS: Agent Controls Move Into the Runtime

Microsoft's Agent Control Specification gives agent teams a portable runtime policy layer for tool calls, approvals, and audit evidence.

Security Jun 5, 2026 8 min read

NSA MCP Guidance: Inventory Agent Tools Before They Drift

NSA's MCP security guidance turns the agent tooling debate into an operational checklist: inventory servers, verify tool changes, and scan before trust drifts.

Security Jun 5, 2026 9 min read

Ruleset v2026.06.05: What 300 Sub-Agent Reviews Revealed

A focused review pass surfaced a malicious publisher family targeting Claude Code config — and a handful of regex rules costing more in false positives than they were worth. Here's what we changed.

Security Jun 4, 2026 8 min read

MCP RCE Debate: Treat Agent Plugins Like Executable Code

The public debate around MCP remote code execution risk shows a hard lesson for AI agents: plugins, connectors, and skills need supply-chain controls.

Best Practices Apr 7, 2026 13 min read

Best AI Security Auditing Skills for Developers [2026]

Top 5 security auditing skills from our scored review — 146 vulnerability vectors, 11 footgun databases, and a real-time GitHub supply chain auditor.

Security Mar 31, 2026 12 min read

MCP Tool Poisoning: How Hidden Metadata Hijacks AI Agents

MCP tool descriptions are visible to your AI agent but hidden from you. Attackers embed instructions that hijack agent behavior and steal credentials.

Security Mar 15, 2026 14 min read

SkillJect and the Gap in Skill Registry Security

A new paper achieves 97.5% attack success against Claude Code using poisoned skills. Here's what we found, and the four detection rules we shipped in response.