Top Agentic AI security resources — July 2026
July 2026’s agentic AI security roundup: agentic zero trust whitepapers, AutoJack & other new exploits, and the newest agent defenses.
July 2026’s agentic AI security roundup: agentic zero trust whitepapers, AutoJack & other new exploits, and the newest agent defenses.
AI coding assistants run shell commands with your full account authority, but their security filters are fundamentally flawed. Meet GuardFall: a vulnerability where 30-year-old shell injection tricks bypass modern safeguards. Read the full survey of 11 popular open-source agents to see if your tools are exposed, and learn the architectural ...
OWASP ranks Identity & Privilege Abuse #3 because it sets the blast radius for every other AI agent risk. Read our full technical guide to ASI03: the five identity abuse vectors, the Salesloft Drift breach case study, the attack lifecycle, and how to detect, prevent, and respond with task-scoped, time-bound ...
The AIRQ report scores 100 AI agents on attack surface, blast radius, and defenses. The AIRQ framework lets you assess your own stack. Read about the framework’s methodology and how to apply it in your organization.
June 2026’s agentic AI security roundup: coding agent RCEs, Microsoft Semantic Kernel flaws, a Copilot backdoor, and the newest agent defenses.
A SynJack attack tricks AI coding assistants into RCE through a symlink-disguised file copy. We tested six major tools. All were vulnerable. How it works and how to defend.
The definitive security guide for platform engineers, AI builders, and risk managersOWASP Agentic Security Initiative (ASI) Top 10 | — ASI02: Tool Misuse & Exploitation Your AI agent has root access. Does it deserve it? In December 2025, a developer asked Google’s AI coding assistant to “clear the project cache”. ...
Major insurers are adding AI-related exclusions to their policies. Cyber insurance tells us what comes next, and what enterprises should prepare before their next renewal.
A regression in the Claude Code trust dialog and a settings-scope inconsistency let a cloned repo run unsandboxed code with one keypress, and on CI runners with none. Learn why this type of issues keep surfacing and what are possible mitigations.