Insights, updates, and best practices for AI agent security and identity management
Ahead of my SVCC 2026 talk: agent identity tells you who an agent is once. It does not tell you whether the agent you authorized five minutes ago is still safe to act now. Here are the open OpenA2A specifications for continuous trust and authorization, and where each one honestly stands.
Every AI agent that ever did the wrong thing had a system prompt telling it not to. The PocketOS database wipe, the Anthropic Opus 4.6 findings, and 7,630 T1550 events in our honeypot data are versions of the same observation: the model is not the boundary.
ARIA's first 30-day behavioral threat report. 45% of unique attackers returned across multiple sessions. 75% of events targeted MCP. 95.1% callback rate against security-vertical honeypots. Every number anchored to live instrumentation.
Every AI coding tool on the market reads your credentials. No tool existed to stop it. Secretless AI is the first purpose-built solution: five encrypted backends (1Password, OS Keychain, HashiCorp Vault, GCP Secret Manager, local AES-256), runtime injection, and context-window blocking. Open source.
AI Browser Guard is now available on the Chrome Web Store. Detect Playwright, Puppeteer, Selenium, Computer Use, and Operator in your browser. Delegation rules, emergency kill switch, session timeline. Zero network requests by default, fully local processing.
Shadow AI is the use of AI agents and MCP servers without organizational visibility. opena2a detect scans for running agents, discovers MCP configs, and reports governance gaps. One command to answer: what is running, and is it governed?
Scanning finds vulnerabilities. Shielding prevents exploitation. OpenA2A Shield combines credential protection, configuration integrity monitoring, runtime detection, and security posture scoring into a unified layer for AI projects.
AI coding assistants read your .env files, terminal history, and MCP server configs. Every API key in your project is one autocomplete away from a cloud log. Here is how to protect credentials without breaking your workflow.
Run opena2a review in any project directory and get a security posture score with credential scanning, configuration hygiene checks, and actionable fix commands. Works with any AI project.
In December 2025, researchers extracted Claude's internal soul document, the training-embedded values that shape its behavior. OASB v2 now formalizes behavioral governance with 72 controls across 9 new domains. Here's why every AI agent needs a soul document and how to audit yours.
Block API keys, .env files, and MCP server secrets from entering AI context windows. Encrypted storage with OS keychain and 1Password backends. Runtime injection without exposing values. Works with Claude Code, Cursor, Copilot, Windsurf, Cline, and Aider.
AI agents are deploying faster than security teams can assess them. OASB brings the CIS Benchmark model to agentic AI -- 46 controls, 10 categories, 3 maturity levels. Machine-readable, automatable, and open source.
ARP (Agent Runtime Protection) monitors OS-level activity and AI-layer traffic with 20 built-in threat patterns. Process, network, filesystem monitoring plus prompt injection, MCP exploitation, and A2A attack detection. EDR for AI agents.
We contributed 6 security fixes to OpenClaw (205K+ stars). 4 PRs merged directly, 2 adopted by maintainers. Fixes cover credential redaction, code safety scanning, path traversal, file permissions, timing side-channels, and npm lifecycle attacks.
DVAA (Damn Vulnerable AI Agent) is an intentionally vulnerable platform for learning AI agent security. 17 agents, 12 vulnerability categories, 22 CTF challenges across 3 protocols. The DVWA of AI agents.
AI agents are making decisions, calling APIs, and accessing sensitive data autonomously. But most have no real identity, just shared API keys and bearer tokens. Here's how to give every agent a cryptographic identity that's verifiable, auditable, and enforceable at runtime.
OAuth 2.0 and OpenID Connect power human authentication across the web. But AI agents aren't humans. They don't click consent screens, bearer tokens can't prove which agent acted, and scopes can't enforce capabilities at runtime. Here's the identity gap the industry is ignoring and how AIM solves it.
OASB (Open Agent Security Benchmark) is an open security benchmark for AI agents. 46 controls across 10 categories with L1/L2/L3 maturity levels. The CIS Benchmark for agentic AI.
PR #9806 merged 1,721 lines of code into OpenClaw (205K+ GitHub stars), adding a built-in skill security scanner that detects malicious patterns across 6 check categories before skills can execute. The scanner runs automatically at install and update time.
HackMyAgent v0.4.0 ships the first automated detection for CVE-2026-25253 (CVSS 8.8), expanded ClawHavoc campaign IOCs, and 11 new security checks for OpenClaw installations.
HackMyAgent is an open-source security toolkit for AI agents. 115 attack payloads, 204 security checks, OASB-1 compliance benchmarks. The missing OWASP ZAP for agentic AI.
We scanned 97,013 internet-facing hosts for AI agent vulnerabilities. 14.4% had confirmed security issues. 1,190 had system instructions publicly readable. 645 had MCP tool definitions exposed. Here's what we found and what we're doing about it.
Traditional NHI platforms manage service accounts and API keys. But AI agents represent a fundamentally different class of non-human identity that requires purpose-built governance. Here's the gap in your NHI strategy.
The ClawHavoc campaign planted 341 malicious skills on ClawHub. Combined with GHSA-g8p2's 1-click RCE vulnerability, OpenClaw users face credential theft, reverse shells, and persistent backdoors. We built a scanner to detect it.
OWASP released their Top 10 for Agentic Applications in December 2025. Here's how each risk maps to NHI governance capabilities, and what you can do about it.
January 2026 marked a turning point in AI security. ServiceNow disclosed what researchers called 'the most severe AI-driven vulnerability uncovered to date', exposing 85% of Fortune 500 companies to potential takeover through improperly secured AI agents.
AIM (Agent Identity Management) is now available. Secure your AI agents with one line of code. Cryptographic identity, MCP attestation, trust scoring, and comprehensive audit logging for production AI deployments.
This article discusses critical vulnerabilities in AI agent systems, particularly focusing on CVE-2025-32711 (EchoLeak) affecting Microsoft Copilot and CVE-2025-49596 in MCP servers. Learn how to secure your AI agents with Agent Identity Management (AIM).
Subscribe to our newsletter for weekly insights, vulnerability alerts, and best practices
Get started with AIM and protect your AI infrastructure with just one line of code