NewsKrebs: Lethal Trifecta Framework for Agent SecurityKrebs on Security·high signalKrebs defines Lethal Trifecta: private data access + untrusted content + external communication = exfiltration. Misconfigured OpenClaw installations leaking API keys.SourceSource pageKrebs on Security↳ Follow the threadPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSPolicy dependency / Stack layerStrict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and moneyarXiv 2607.05120Policy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternMeta Charges for a Frontier Model for the First Time: Muse Spark 1.1 at $1.25/$4.25TechCrunchStack layer / Threat patternAWS open-sources Loom, an enterprise agent platform built on Strands Agents + Bedrock AgentCore RuntimeAWS Open Source BlogStack layer / Threat patternOpen-Source Multi-Agent Firewall Intercepts Both HTTP(S) and WebSocket LLM TrafficarXivStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebotStack layer / Threat patternCodeTracer Performs Forensic Attribution of Backdoored Code CompletionsarXiv