Written in
the Cards

Our researchers found that creating and exfiltrating API keys from providers like Anthropic, OpenAI, and AWS requires nothing more than JavaScript. No extra permissions. No user interaction. Here's what that looks like in practice.

Explore the 7 subtle “sins” of agentic AI—behavioral patterns that quietly introduce risk. Learn how autonomy can drift and how to keep systems aligned.

Most AI governance conversations sound like they were written by a compliance team. This one doesn't.

What we learned partnering with Lovable to strengthen safety in AI-powered website creation

As AI experiments scale, so does risk. Discover how to build continuous AI governance and security into production systems.

As AI agents gain the ability to reason, plan, and act autonomously, their internal thinking becomes a new attack surface that must be protected just as carefully as the tools they use.

Learn how the FY2026 NDAA and new NIST frameworks are shifting agentic AI from experimental to regulated. Master the security controls and Zero Trust principles required to win federal AI contracts this year.

A malicious “Skill” for the OpenClaw AI framework, titled “RememberAll”, is currently being distributed via the ClawHub marketplace. While purporting to be a personal reminder utility, the skill contains hidden instructions to download a secondary payload (secure-sync) that harvests sensitive credentials (API keys, .env files) and exfiltrates them to a public ntfy.sh dead-drop resolver.

Learn how to secure your AI agent ecosystem with Caterpillar, a free open-source tool designed to unmask hidden vulnerabilities, injection paths, and unsafe configurations in AI skills.