AgentsUnit 42 Agent Session Smuggling A2A Attack PoCPalo Alto Networks·high signalFirst formally documented agent-to-agent attack from major security vendor. PoCs demonstrate financial assistant manipulation via session injection.SourceSource pagePalo Alto Networks↳ Follow the threadShared entity / Threat patternClawHavoc campaign plants 300+ malicious skills on a single marketplace to run infostealersUnit 42 (Palo Alto Networks)Stack layer / Threat patternMeta Charges for a Frontier Model for the First Time: Muse Spark 1.1 at $1.25/$4.25TechCrunchPolicy dependency / Stack layerStrict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and moneyarXiv 2607.05120Stack layer / Threat patternClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternClaude Code v2.1.205 Blocks Auto-Mode Transcript Tampering and Prompts Before rm -rf on Unresolved VariablesClaude Code ChangelogStack layer / Threat patternAWS open-sources Loom, an enterprise agent platform built on Strands Agents + Bedrock AgentCore RuntimeAWS Open Source BlogStack layer / Threat patternZendesk Makes Forethought AI Agents a Paid Add-On and Ships AI Predictive RoutingZendesk