← The Wire

Public story · 2026-02-21 · source-backed

Agent Security (Priority: +2.0)

Confidence
source-backed
Sources
4
Redaction
redacted

Story

1. Harden CI/CD Pipelines Against PromptPwnd AI Injection | Intermediate Aikido Security disclosed "PromptPwnd" — five Fortune 500 companies confirmed affected by AI agent injection in GitHub Actions.

  1. Audit all .github/workflows/ for user-controlled input (github.event.issue.title) passed into AI agent prompts
  2. Sanitize untrusted input: SANITIZED_TITLE=$(echo "$TITLE" | tr -cd '[:alnum:] -' | cut -c1-200)
  3. Restrict AI agent tool access to read-only in triage/analysis workflows
  4. Set minimal permissions:contents: read, issues: read, never write access to AI agent jobs
  5. Add OpenGrep detection rules for untrusted content interpolated into AI prompts Source: Aikido Security

2. Defend Against AI-Augmented Credential Scanning | Intermediate The FortiGate campaign proved basic defense-in-depth defeats AI-augmented attacks — hardened targets were simply skipped.

  1. Audit all perimeter devices for exposed management interfaces on ports 443, 8443, 10443, 4443
  2. Enforce MFA on ALL admin and VPN access — the campaign succeeded only against single-factor targets
  3. Rotate SSL-VPN and admin credentials with 16+ character minimum
  4. Segment management interfaces onto dedicated VLANs with IP allowlists
  5. Deploy detection for DCSync, pass-the-hash, and Veeam backup server access (ransomware staging indicator) Source: AWS Security Blog

3. Harden AI Coding Tool Supply Chains with OIDC | Advanced The Clinejection attack chain (prompt injection -> token theft -> malicious publish) is now the template. Defend against it.

  1. If you installed [redacted]: uninstall cline AND openclaw globally, reinstall latest, rotate ALL credentials
  2. Migrate npm publishing from static tokens to OIDC via GitHub Actions (--provenance flag)
  3. Run uvx mcp-scan@latest --skills to audit all installed agent skills and MCP servers
  4. Generate AI Bill of Materials: snyk aibom to inventory all models, agents, tools, and skills
  5. Disable Actions cache consumption in workflows handling publication secrets Source: Snyk Blog

4. Implement Runtime MCP Security | Advanced Production agents need runtime defense — the "guardrail sandwich" pattern with tool call authorization.

  1. Input sanitization with trust labeling on ALL data sources (user prompts, RAG, tool responses, MCP descriptions)
  2. Tool call authorization: whitelist allowed tool + argument combinations, reject everything else
  3. Rate limiting per-session and per-minute on tool calls; flag anomalous patterns
  4. Version-locked, digitally signed tool definitions; regular mcp-scan for tool poisoning detection
  5. Comprehensive audit trails via OpenTelemetry across all tool invocations Source: Microsoft Security Blog

Related stories

Each link below shares sources, entities, or timing with this story.

  1. Shared entities / Same source / Shared topic / What happened next / Tension

    Harden CI/CD Against AI Agent Supply Chain Attacks

    Both cover GitHub Actions, Harden CI, OIDC; cite the same source (Snyk Blog); overlapping topics (action, against, agent).

  2. Shared entities / Same source

    Breaking News & Industry

    Both cover AWS Security Blog, Fortune; cite the same source (AWS Security Blog, Snyk Blog).

  3. Shared entities / Shared topic / What happened next / Tension

    Agent Security

    Both cover Agent Security, MCP; overlapping topics (against, agent, audit, security, tool); picks up the Agent Security thread on 2026-02-22.

  4. Shared entities / Shared topic / What happened next

    Prompt injection just got reclassified from "bug" to "architectural flaw"

    Both cover Input, MCP; overlapping topics (against, agent, injection, input, prompt); picks up the Input thread on 2026-06-27.

  5. Shared entities / Same source domain / Shared topic / What happened next

    The Security Scanner Was the Attack Vector. 10,000 CI/CD Workflows Compromised.

    Both cover GitHub Actions, MCP; reported by the same outlet (snyk.io); overlapping topics (action, security, tool, workflow).

  6. Shared entities / Shared topic / What happened next / Tension

    10 actionable skills from today's findings:

    Both cover Audit, MCP, RAG; overlapping topics (agent, skill); picks up the Audit thread on 2026-03-22.

  7. Shared entities / Same source domain / Shared topic / What happened next

    The Agent Security Crisis Is Here: 36% of ClawHub Skills Malicious, 30+ MCP CVEs, RCE in Microsoft Agent Framework

    Both cover Audit, MCP; reported by the same outlet (snyk.io); overlapping topics (action, agent, audit, skill).

  8. Shared entities / Same source / Shared topic / What happened next

    CyberStrikeAI: First Documented MCP-Powered Attack Campaign Compromises 600+ FortiGate Devices

    Both cover AWS Security Blog, MCP; cite the same source (AWS Security Blog); overlapping topics (action, agent).