Help Net Security
Public MindPattern findings, entities, and graph evidence that cite this source.
Findings
40
All-time hits
1
High value
1
Last seen
2026-03-10
Connected entities
Help Net SecurityOWASP 'State of Agentic AI Security' v2.01: coding agents dominate, prompt injection still the root Help Net Security (OWASP)OWASP data: prompt injection still drives most agentic-AI security failures in production as MCP CVEAI Risk Quadrant Report: Only 11% of 100 Production Agents Pass the Security Bar; 98% Carry the 'LetClaude Mythos Autonomously Discovers 23,019 Open-Source Vulnerabilities and Exploits 17-Year-Old FreClaude Security Enters Public Beta — Opus 4.7 Agent Scans Codebases for Logic-Level Vulnerabilities,Snyk Embeds Anthropic's Claude into AI Security Platform — Report Finds 65-70% of Production Code NoTrustFall: Adversa AI Reveals One-Keypress RCE Across Claude Code, Gemini CLI, Cursor CLI, and GitHuCISA Adds Langflow RCE (CVE-2026-33017) and Trivy Supply Chain (CVE-2026-33634) to Known Exploited VHelp Net Security / BinarlyDryRun Security: AI Coding Agents Introduce Vulnerabilities in 87% of Pull RequestsRSAC 2026: AI Agent Security Launches as Net-New Enterprise Category — 20+ Vendors Ship Products in Vorlon Launches AI Agent Flight Recorder and Action Center at RSA 2026: First Forensics for Agentic Help Net Security: Agentic Attack Chains Advance as Infostealers Adapt to Harvest AI Agent CredentiaHelp Net Security — Entro Security AGA Brings Governance and Control to Enterprise AI Agents
Related findings
- 2026-06-27 / TOOLSOWASP v2.01 State of Agentic AI Security: Prompt Injection May Be Unfixable, Not Just UnpatchedOWASP published version 2.01 of its State of Agentic AI Security and Governance on June 11, arguing that prompt injection — the central weakness of autonomous agents — may be inherent rather than a bug a future release will close. A parallel review synthesizing 78 studies (2021-2026) found attack success rates above 85% against state-of-the-art defenses when adaptive strategies are used, reframing the problem from prevention to containment for anyone shipping tool-enabled agents.
- 2026-06-23 / AGENTSOWASP ships State of Agentic AI Security v2.01 alongside fresh coding-agent CVEs in Cursor and ModelScopeOWASP's GenAI Security Project released version 2.01 of its State of Agentic AI Security and Governance on June 11, 2026, cataloging CVEs, vendor advisories, and breach reports across nearly every agentic-risk category. Two concrete entries hit coding agents directly: CVE-2026-22708 lets an attacker poison a Cursor IDE agent's execution environment so allowlisted commands like `git branch` deliver arbitrary payloads, and CVE-2026-2256 is a command-injection flaw in ModelScope's MS-Agent whose shell tool fails to sanitize input, allowing crafted content fed to the agent to execute arbitrary OS commands on the host. Both reinforce that allowlist-based command gating in agent harnesses is brittle against environment poisoning.
- 2026-06-23 / SKILLSAssume every single prompt-injection defense fails under adaptive attack — design defense-in-depth, not one controlA joint study across OpenAI, Anthropic, and Google DeepMind found that under adaptive attack conditions, every published defense was bypassed at success rates above 90% — meaning no single filter or classifier is sufficient. The practical response is layered: separate trusted from untrusted text, validate output structure before acting, sandbox capabilities, enforce least-authority tools, plant canary tokens for exfiltration, and require human approval for high-impact actions. Treat prompt injection as a containment problem, not a detection problem.
- 2026-06-14 / AGENTSOWASP 'State of Agentic AI Security' v2.01: coding agents dominate, prompt injection still the root failureOWASP's 2026 report (covered June 11) finds 28 of 53 tracked agentic projects are coding agents, with the five fastest-growing tools (Claude Code, Gemini CLI, Codex, Cline, Aider) all in that category. Repository security advisories cluster around n8n (57), Claude Code (22), AutoGPT (15), Dify (13) and Roo-Code (11), and prompt injection maps to six of OWASP's ten Top 10 for Agentic Applications. The report leans on Simon Willison's 'Lethal Trifecta' and Meta's 'Agents Rule of Two' as design guardrails, while only 37% of orgs have policies to detect shadow AI.
- 2026-06-13 / RESEARCHOWASP data: prompt injection still drives most agentic-AI security failures in production as MCP CVEs pile upA June 11, 2026 report (Help Net Security, citing OWASP) finds prompt injection remains the dominant cause of agentic-AI security failures in production deployments. It lands amid a broad MCP supply-chain wave: VIPER-MCP surfaced 106 zero-days and produced 67 CVEs after scanning ~40,000 server repos, Censys counted 12,520 internet-accessible MCP services (most unauthenticated), and CVE-2026-22708 against Cursor lets attackers poison the agent's execution environment. For builders running MCP/agent stacks, this is an immediate audit-your-tools signal.
- 2026-06-08 / AGENTSAI Risk Quadrant Report: Only 11% of 100 Production Agents Pass the Security Bar; 98% Carry the 'Lethal Trifecta'The Q2 2026 AI Risk Quadrant (AIRQ) assessment, led by Eugene Neelou, scored 100 production agents across attack surface, blast radius, and defense controls and found only 11% qualify as 'Fortified Leaders' while 98% exhibit the lethal trifecta of private-data access, untrusted-content exposure, and outbound-action capability. Tool execution alone explains 76% of blast-radius variance, and sandboxing cut residual risk roughly 2.6x. Notably, only 17% of vendor defense claims carried independent public verification.
- 2026-05-27 / VOICESClaude Mythos Autonomously Discovers 23,019 Open-Source Vulnerabilities and Exploits 17-Year-Old FreeBSD Root RCEAnthropic's Project Glasswing update reveals Claude Mythos Preview flagged 23,019 potential vulnerabilities across open-source projects, with 6,202 estimated as high- or critical-severity. The headline result: Mythos fully autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD's NFS implementation that grants root access — a bug that survived decades of human security review. Anthropic acknowledged that 'no company — including Anthropic — has developed safeguards strong enough to prevent such models from being misused,' which is why Mythos remains restricted to Project Glasswing partners.
- 2026-05-23 / AGENTSArmorCode Launches Anya Agents: Purpose-Built AI Security Workers for Automated Triage, Exposure Analysis, and RemediationArmorCode announced Anya Agents on May 20, an agentic AI framework on the ArmorCode platform that turns unified security and business context into purpose-built AI workers for five specific workflows: triage, exposure analysis, remediation, validation, and compliance. Unlike generic AI assistants, Anya Agents are designed to operationalize AI-driven security workflows at enterprise scale by combining security findings with business context (asset criticality, blast radius) to make autonomous prioritization decisions. This represents the shift from security copilots (human-in-the-loop assistants) to security agents (autonomous workers).
- 2026-05-22 / AGENTSMemoryTrap Attack Class: Poisoned Agent Memory Spreads Across Sessions, Users, and SubagentsCisco research published in Help Net Security details the MemoryTrap attack class where a single poisoned memory object in an agentic AI system can propagate across sessions, users, and subagents through 'trust laundering' — mixing untrusted data with trusted data in shared instruction surfaces. If Agent A reads Agent B's memory, it inherits any hidden faults or malicious inputs, making memory a persistent retrieval and instruction layer that stores preferences, context summaries, workflow patterns, and learned behavior exploitable in future sessions. The researchers recommend tight validation scanning as an automated fact-checking process when data is transferred between agents.
- 2026-05-22 / PROJECTSBabel Street Launches Insights Investigator — Agentic AI Executes Multi-Step Investigations Across 200+ LanguagesBabel Street launched Insights Investigator on May 18, shifting intelligence work from search-and-query to analyst-directed, AI-executed multi-step investigations across 200+ languages. Agents are trained in tradecraft and investigative workflows but analysts retain full control over scope, logic, and outcomes, with the system exposing its research plan, query logic, and reasoning at every step. This represents the 'agentic AI entering professional workflows' pattern — where the value isn't the model but the domain-specific orchestration layer on top of it.
- 2026-05-21 / AGENTSVeza Announces Enterprise Agent Identity Control Plane: First Action-Level Blast Radius Visualization for AI Agent IncidentsVeza launched the Enterprise Agent Identity Control Plane with Access Agents for automated identity governance and an industry-first Access Graph that quantifies exact action-level blast radius for every AI agent — showing every data store, S3 bucket, GitHub repo, and database an agent can reach. During incident response, security teams can instantly visualize lateral movement paths for compromised agent identities. Features include a Suggested Owner Agent mapping agents to human owners, and AISPM mapped to the NIST AI Risk Management Framework. GA expected end of Q2 2026.
- 2026-05-18 / AGENTSPipelock 2.3.0: Open-Source AI Agent Firewall Ships 11-Layer Scanner, 48 Credential Patterns, and Tamper-Evident Audit Logs Under Apache 2.0Pipelock 2.3.0, an open-source agent firewall by PipeLab, sits at the egress boundary between agents and the network — the agent holds secrets but has no direct network access, while Pipelock holds network access but no secrets. Every HTTP, WebSocket, and MCP message passes through an 11-layer scanner covering SSRF, DLP (48 credential patterns), path traversal, CRLF injection, domain blocklisting, and entropy analysis. Ships as a single 20MB Go binary with hash-chained tamper-evident logs and CycloneDX 1.6 agent SBOMs.
- 2026-05-10 / SKILLSClaude Security Enters Public Beta — Opus 4.7 Agent Scans Codebases for Logic-Level Vulnerabilities, Not Just Pattern MatchesAnthropic's Claude Security uses a multi-stage validation agent (built on Opus 4.7) that adapts analysis per-run, reasoning over code context rather than fixed SAST rules. Key differentiator: catches logic-level vulnerabilities that pattern-matching scanners miss, with a validation pipeline designed to reduce false positives before surfacing to engineers. Available for Enterprise customers with directory-scoped targeting, CSV/Markdown export, and webhook integration to Slack/Jira.
- 2026-05-09 / AGENTSSnyk Embeds Anthropic's Claude into AI Security Platform — Report Finds 65-70% of Production Code Now AI-Generated, Nearly Half Contains VulnerabilitiesSnyk announced integration of Claude's reasoning capabilities into its AI Security Fabric for automated vulnerability discovery, prioritization, and developer-ready fixes across code, dependencies, containers, and AI-generated artifacts. The partnership is driven by Snyk's 2026 State of Agentic AI Adoption Report finding that 65-70% of production code is AI-generated, nearly half contains vulnerabilities, and coding agents operate almost entirely outside traditional AppSec tooling. Available to joint customers now with expanded access rolling out through 2026.
- 2026-05-08 / AGENTSTrustFall: Adversa AI Reveals One-Keypress RCE Across Claude Code, Gemini CLI, Cursor CLI, and GitHub Copilot CLIAdversa AI's TrustFall research reveals a systemic vulnerability class across four major AI coding CLIs: all four execute project-defined MCP servers immediately after the user accepts the folder trust prompt, which defaults to 'Yes/Trust' — meaning one Enter keypress in a cloned repo is sufficient for RCE. The finding reframed what was initially seen as a Claude Code regression into an industry-wide convention problem shared across all agentic CLIs that read project configuration files.
- 2026-05-04 / SKILLSOpenAI Requires Passkeys and Hardware Keys for Advanced Cyber Model Access Starting June 1, 2026OpenAI announced Advanced Account Security for ChatGPT, requiring individual members of Trusted Access for Cyber to enable passkeys or hardware security keys before accessing the most capable and permissive cyber models starting June 1, 2026. This is the first time a frontier AI provider has mandated hardware-backed authentication for access to specific model capabilities. For builders: if you're enrolled in TAC or planning to use cyber-permissive models, set up passkeys now — this signals a broader trend of capability-gated authentication that other providers will likely follow.
- 2026-05-01 / AGENTSGitGuardian: 24,008 Unique Secrets Exposed in MCP Configuration Files on Public GitHubGitGuardian's State of Secrets Sprawl 2026 report found 24,008 unique secrets in MCP-related configuration files on public GitHub, including 2,117 confirmed valid credentials. Google API keys account for nearly 20% and PostgreSQL connection strings 14% of exposed secrets. The root cause: popular MCP setup guides recommend putting API keys directly into configuration files, command-line arguments, or embedded connection strings. Across all of GitHub, 28.65 million new hardcoded secrets were added in 2025 (+34% YoY), with AI service credentials accelerating faster than any other category.
- 2026-04-18 / AGENTSCodenotary Launches AgentMon: First Enterprise Monitoring Platform for Agentic AI NetworksCodenotary released AgentMon on March 31, the first enterprise-grade monitoring system purpose-built for agentic networks. AgentMon provides real-time visibility into agent behavior, communication paths, token usage, model selection, inference latency, file access patterns, secrets handling, and data access that may indicate leakage or policy breaches. Targets CIOs, CISOs, and compliance leaders operationalizing AI at scale, as BCG projects the AI agent market growing at 45% CAGR over the next five years.
- 2026-04-16 / SKILLSGitGuardian State of Secrets 2026: 28.65 Million New Hardcoded Secrets on GitHub, AI-Service Credential Leaks Surge 81% Year-Over-YearGitGuardian's annual State of Secrets Sprawl 2026 report found 28.65 million new hardcoded secrets added to public GitHub in 2025, with AI-service API key leaks specifically surging 81% year-over-year as developers integrate more AI services into their workflows. The report contextualizes why GitGuardian built AI hooks for coding assistants — the combination of AI code generation speed and credential sprawl creates a compounding risk surface. This data undermines the assumption that AI coding tools make code more secure by default.
- 2026-04-16 / SKILLSGitGuardian Ships AI Hooks: Real-Time Secret Scanning for Claude Code, Cursor, and Copilot — Blocks Secrets Before Prompt SubmissionGitGuardian extended ggshield with hook-based secret scanning that integrates with native hook systems of Claude Code, Cursor, and VS Code/Copilot, scanning prompts in real time before they reach the model. When a secret is detected, a blocking message appears in the AI tool with remediation instructions. This addresses a growing crisis: GitGuardian's 2026 State of Secrets report found 28.65M new hardcoded secrets on public GitHub in 2025, with AI-service credential leaks surging 81% year-over-year.
- 2026-04-03 / PROJECTSCodenotary AgentMon: First Enterprise Agentic Network Monitoring Tool LaunchesCodenotary launched AgentMon on March 31, 2026, the first enterprise-grade monitoring tool specifically designed for agentic AI networks. AgentMon provides real-time visibility into agent behavior, communication paths between agents and services, token usage, model selection, inference latency, file access, and secrets handling — detecting data leakage or policy breaches. With BCG projecting 45% CAGR for the AI agent market, AgentMon targets CIOs and CISOs operationalizing AI at scale.
- 2026-04-02 / AGENTSAstrix Security Expands AI Agent Platform with Four-Method Discovery Architecture for Shadow Agent DetectionAstrix Security unveiled a major expansion of its AI agent security platform with a four-method discovery architecture: direct AI platform integrations, non-human identity fingerprinting for shadow agents, telemetry ingestion from existing endpoint/network sensors, and a bring-your-own-service option for custom deployments. The platform provides real-time policy enforcement over what agents are allowed to do, covering both managed AI platforms and shadow deployments on managed devices.
- 2026-04-02 / AGENTSExabeam Expands Agent Behavior Analytics to Detect AI Agent Threats Across ChatGPT, Copilot, and GeminiExabeam launched expanded Agent Behavior Analytics (ABA) on April 1, adding detection coverage for OpenAI ChatGPT and Microsoft Copilot alongside existing Gemini support. The platform builds dynamic behavior profiles tracking request volumes, token usage, tool invocations, and agent lifecycle events — providing the first cross-platform OWASP Top 10 agentic AI detection library, with a detection library 5x larger than the previous version.
- 2026-03-28 / AGENTSCISA Adds Langflow RCE (CVE-2026-33017) and Trivy Supply Chain (CVE-2026-33634) to Known Exploited Vulnerabilities CatalogCISA added two critical AI toolchain CVEs to its KEV catalog on March 25-26: Langflow CVE-2026-33017, a code injection flaw in v1.8.2 and earlier allowing unauthenticated RCE on agent workflow instances, saw exploitation within 20 hours of advisory publication on March 17. Trivy CVE-2026-33634 tracks the TeamPCP supply chain compromise of Aqua Security's scanner on March 19, which cascaded into the LiteLLM PyPI attack affecting 36% of cloud environments monitored by Wiz. Federal agencies face an April 8-9 remediation deadline.
- 2026-03-28 / TOOLSGitGuardian: 28.65 Million New Hardcoded Secrets Exposed in Public GitHub Commits in 2025GitGuardian's State of Secrets Sprawl 2026 report published March 27 reveals 28.65 million new hardcoded secrets (API keys, tokens, passwords) committed to public GitHub repos in 2025, continuing a multi-year rise. With 36 million new developers joining GitHub over the year and AI coding tools generating more code faster, the credential exposure surface is accelerating. This is the security debt side of the agentic coding explosion — every AI agent that commits code is a potential secrets leak vector.
- 2026-03-28 / DISPATCHDryRun Security: AI Coding Agents Introduce Vulnerabilities in 87% of Pull RequestsA DryRun Security study tested Claude Code (Sonnet 4.6), OpenAI Codex (GPT 5.2), and Google Gemini (2.5 Pro) building two applications from scratch. Across 38 scans covering 30 pull requests, the agents produced 143 security issues — 26 of 30 PRs (87%) contained at least one vulnerability. Broken access control was universal across all three agents; Claude introduced a 2FA-disable bypass; Gemini had the most high-severity findings. Codex produced the fewest remaining issues in both apps.
- 2026-03-27 / MARKETSCROSS-CATEGORY: AI-Native Alternatives Launch Across Design, Sales, Security, and Compliance in Same Week — Disruption Breadth AcceleratesIn a single week of March 2026, AI-native alternatives launched or hit milestones across 4+ unrelated SaaS categories simultaneously: Design (Google Stitch cratering Figma 12%), Sales (Rox AI hitting $1.2B unicorn status), Security (12+ vendors at RSAC including Palo Alto, Black Duck, Astrix, Entro), and Compliance (Hyperproof AI agents executing workflows). The simultaneous disruption across categories that previously had nothing in common confirms this isn't sector-specific — it's architectural. The common thread: agents doing work that humans previously needed SaaS tools to accomplish.
- 2026-03-27 / AGENTSHelp Net Security Publishes RSAC 2026 Top Product Launches Roundup: Agent Security Dominates with Astrix, Bonfy, Stellar Cyber, Straiker, Teleport, and Black DuckHelp Net Security's March 27 RSAC 2026 product launch roundup confirms agent security as the dominant category, highlighting Astrix Security's four-method agent discovery, Bonfy ACS 2.0 for content security across all AI agents, Stellar Cyber's agentic SOC, Straiker's Discover/Defend AI for coding agents, Teleport Beams for Firecracker VM agent isolation, Black Duck Signal for AI-generated code security, and Mimecast's Agent Risk Center. The roundup validates that agent governance has moved from conference talk-track to shipping product category.
- 2026-03-27 / AGENTSStellar Cyber Introduces Agentic AI SOC: Multi-Layer AI Across Full SecOps Lifecycle Claims 80% Analyst Productivity Gain and 90% False Positive ReductionStellar Cyber advanced its Human-Augmented Autonomous SOC at RSAC 2026 with coordinated agentic AI reasoning embedded directly into analyst workflows. The platform unifies SIEM, NDR/OT, ITDR/UEBA, detection, investigation, triage, and response in a single open architecture. Automated phishing analysis evaluates user-reported emails, filters benign messages, and escalates only high-confidence threats. Stellar Cyber reports 80%+ analyst productivity improvement and 90%+ false positive reduction across deployments.
- 2026-03-27 / AGENTSMimecast Agent Risk Center Preview: Runtime Data Security for AI Agents — Only 14% of Fortune 500 Have Full Security Approval for Active AgentsMimecast expanded Incydr with the Agent Risk Center (Early Access September 2026), revealing that 80% of Fortune 500 companies now run active AI agents but only 14% have full security approval. The platform continuously scores both human users and AI agents on behavioral anomalies, maps which agents access which sensitive data categories (PII, source code, financial records), and enforces governance across commercial agents, MCP servers, and user-developed agents with sanctioned/unsanctioned classifications and department-level policy enforcement.
- 2026-03-27 / TOOLSPattern: TeamPCP Supply Chain Campaign Escalates — Three Ecosystems Compromised in 8 Days with Increasing SophisticationTeamPCP hit Trivy on March 19 (CVE-2026-33634, CVSS 9.4), LiteLLM on March 24 (credential stealer + malware dropper), and telnyx on March 27 (WAV steganography with dual-platform payloads). Each attack is more sophisticated than the last — the telnyx variant uses audio file steganography to hide encrypted binaries, a technique not seen in the earlier attacks. The campaign specifically targets AI/ML infrastructure packages (LiteLLM for LLM proxying, telnyx for communications), suggesting deliberate targeting of developer toolchains.
- 2026-03-27 / MARKETSRSAC 2026: AI Agent Security Launches as Net-New Enterprise Category — 20+ Vendors Ship Products in Same Week Including Snyk, CrowdStrike, Microsoft, SentinelOne, Palo AltoRSAC 2026 this week saw 20+ AI agent security products launch simultaneously, effectively creating a new enterprise SaaS category. Key launches: Snyk Agent Security with MCP server governance and Snyk Studio for Claude Code/Cursor/Devin (300+ enterprise deployments), CrowdStrike Falcon AI Runtime Protection detecting 1,800+ AI apps on enterprise devices, Microsoft Zero Trust for AI framework with Agent 365 (GA May 1), SentinelOne Purple AI Auto Investigation shrinking investigations from hours to minutes, and Palo Alto Prisma AIRS 3.0. Additional products from Astrix Security, Teleport Beams, Bonfy.AI, Black Duck Signal, Cisco, Mimecast, Novee, Dashlane Omnix, and Stellar Cyber round out the category creation.
- 2026-03-25 / AGENTSCodenotary AgentX: Autonomous AI Agent Platform for Linux Infrastructure Security with Patent-Pending RollbackCodenotary announced AgentX on March 25, an autonomous platform that deploys coordinated AI agent networks to manage and secure large-scale Linux infrastructure. Agents continuously audit configurations, user roles, and security controls across servers, clusters, and containers under zero-trust principles. Features patent-pending rollback technology allowing administrators to reverse any AI-initiated remediation. Ships as modular platform: Base (CLI, trained agents, API integrations), AgentX/Ops (monitoring, optimization), AgentX/Audit (360-day compliance trail), and AgentX/Dev (code vulnerability scanning).
- 2026-03-25 / AGENTSVorlon Launches AI Agent Flight Recorder and Action Center at RSA 2026: First Forensics for Agentic EcosystemsVorlon announced two products at RSA Conference on March 25 that bring forensics-grade audit trails and coordinated incident response to enterprise AI agent deployments. The Flight Recorder captures an immutable, cross-app record of every agent action — identities, API endpoints, data classifications, downstream systems — queryable within minutes using patented DataMatrix technology. The Action Center routes prioritized findings across SecOps, app owners, IT admins, and compliance teams with native SIEM/SOAR/ITSM integrations.
- 2026-03-23 / SKILLSMicrosoft LiteBox: Rust-Based Library OS Offers Container-to-VM Middle Ground for AI Agent Code SandboxingMicrosoft open-sourced LiteBox in February 2026 — a Rust-built Library OS with a POSIX-style North interface and a pluggable South interface that can target Linux, Windows, or SEV-SNP hardware. It runs unmodified Linux binaries inside a drastically reduced host attack surface, lighter than a full VM but with far fewer exposed syscalls than standard containers. Built in Rust for memory safety by construction. Still experimental (APIs unstable), but represents the emerging consensus that shared-kernel containers are insufficient for executing untrusted AI-generated code.
- 2026-03-22 / AGENTSHelp Net Security: Agentic Attack Chains Advance as Infostealers Adapt to Harvest AI Agent Credentials and MCP TokensA Help Net Security investigation published March 12 documents how infostealer malware previously designed for browser credential theft is being actively adapted to target AI agent infrastructure — specifically agent configuration files, MCP server tokens, stored API keys, and agent session state. The adaptation is significant because agent credentials carry far greater blast radius than human credentials: a stolen agent token can trigger automated file system access, API calls, and code execution at machine speed. The report correlates the infostealer evolution with the rapid expansion of MCP server deployments and the growth of agent configuration stored in developer home directories.
- 2026-03-20 / SKILLSEntro Security AGA: AI Agent NHI Inventory Maps Every Agent Runtime to Its OAuth Scopes, Secrets, and MCP Tool CallsLaunched March 18 2026, Entro's Agentic Governance and Administration (AGA) addresses a gap traditional IAM tools miss: AI agents authenticate as Non-Human Identities (API keys, service accounts, OAuth tokens) that bypass human-login audit trails. AGA uses EDR integrations to discover locally running agent runtimes on developer workstations, natively connects to agent foundries (AWS Bedrock, Copilot Studio) to map every agent to its NHIs and OAuth scopes, and enforces MCP policies — logging which tools were invoked, blocking unsanctioned MCP targets, and generating full audit trails of allowed/denied agent actions.
- 2026-03-17 / AGENTSKore.ai Launches Agent Management Platform for Cross-Framework Enterprise AI GovernanceKore.ai launched a unified Agent Management Platform to govern, monitor, and manage AI agents across enterprise frameworks including LangGraph, CrewAI, AutoGen, Google ADK, AWS AgentCore, Microsoft Foundry, and Salesforce Agentforce. The platform introduces a comprehensive evaluation studio for pre-production behavior testing, directly addressing what Gartner calls 'AI sprawl' across enterprise organizations. Kore.ai positions it as a new operational layer sitting above individual frameworks with cross-framework observability and governance primitives.
- 2026-03-16 / AGENTSHelp Net Security: AI Coding Agents Systematically Reproduce Decade-Old Security Vulnerabilities — Claude Code, Codex, and Gemini All AffectedA March 13 Help Net Security analysis of Claude Code, OpenAI Codex, and Google Gemini coding agents found all three systematically reproduce well-documented vulnerability classes: SQL injection, path traversal, hardcoded credentials, and insecure deserialization — bugs that have been in the OWASP Top 10 for over a decade. The pattern holds across all three vendors despite each having distinct training approaches, suggesting the problem is structural: training corpora contain vulnerable code at high frequency, and agents optimize for functional correctness over security correctness. Builders using AI coding agents for security-sensitive code paths have no vendor-agnostic defense today.
- 2026-03-16 / SOURCESBinarly Open-Sources VulHunt: Binary Vulnerability Detection with Native MCP Server and Claude SkillsBinarly released VulHunt Community Edition on March 16, making its core binary scanning engine freely available for POSIX executables and UEFI firmware using simultaneous disassembly, IR, and decompiled code analysis via Lua rules. The framework ships with a native MCP server mode and structured Claude Skills instruction files that teach AI agents exactly how to invoke its tools, making it directly composable in agentic security pipelines. This is the first open-source binary vulnerability scanner designed as a first-class MCP tool.