SourcesState of AI Agent Security 2026: 88% Report IncidentsGravitee.io·high signalGravitee.io report: 88% incidents, 14.4% security approval, 45.6% shared API keysSourceSource pageGravitee.io↳ Follow the threadStack layer / Threat patternVaronis discloses 'Rogue Agent' — a Dialogflow CX flaw letting one permission poison a shared agent runtimeNxCodeStack layer / Threat patternCASP Report Documents How Boko Haram Operationalized Frontier AI for Attack PlanningCASPStack layer / Threat patternUnit 42: AI-agent npm packages become a prime supply-chain target in H1 2026Unit 42 (Palo Alto Networks)Stack layer / Threat patternGhostApproval: symlink flaw turns human-in-the-loop into a rubber stamp across 6 coding agentsCyber Security NewsPolicy dependency / Stack layerFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness WirePolicy dependency / Stack layerPattern: this week's enterprise agent news is dominated by runtime governance and cost controlAI Agent StorePolicy dependency / Stack layerCodenotary ships AgentMon 3 for agent runtime policy and compliance loggingAI Agent StorePolicy dependency / Stack layerAltman: OpenAI Made 'Many Changes' to GPT-5.6 After Talks With Trump Administration Officials, Pushes Back on 5% Stake ReportsCNBC