
Tags: security

Claude’s Vercel plugin triggers unsolicited telemetry consent, logs shell commands

A developer using Claude Code noticed a consent prompt for telemetry even in projects that lack any Vercel configuration. Investigation revealed that the Vercel plugin injects system‑level instructions, captures full Bash command strings, device identifiers, OS details and other usage data, and transmits them without an explicit opt‑in. Disabling the data collection requires manual changes to environment variables or configuration files, steps that are not presented during installation. Vercel has not responded to requests for comment.

Microsoft Tests OpenClaw‑Style AI Agents for Always‑On Copilot

Microsoft is piloting OpenClaw‑inspired AI agents inside its Copilot suite, aiming to give the productivity assistant an always‑on, autonomous mode. Corporate vice president Omar Shahine confirmed the company is exploring the technology for enterprise use, with prototypes that could monitor Outlook, suggest daily tasks and operate within role‑specific limits. The trial is slated to be demonstrated at the Build conference starting June 2, after a report by The Information on April 13. Microsoft says the approach could address security concerns while recapturing customers lost to rival AI services.

Microsoft to debut locally run AI agent for Enterprise Copilot

Microsoft is testing a new AI agent that mimics the open‑source OpenClaw tool but runs within its Microsoft 365 Copilot suite. The company says the feature, aimed at enterprise customers, will offer tighter security controls and operate continuously to handle multistep tasks. While the agent could run on local hardware, Microsoft has not confirmed its deployment model. The firm plans to showcase the technology at its Build conference in June, following a series of recent Copilot‑related launches.

Anthropic Limits Access to Claude Mythos, Its New Cybersecurity AI Model

Anthropic announced a limited rollout of Claude Mythos Preview, a cybersecurity‑focused artificial‑intelligence model, to a handful of vetted customers such as Amazon, Apple, Microsoft, Broadcom, Cisco and CrowdStrike. The move follows two recent data leaks that exposed internal documents and source code, prompting the company to tighten distribution while it continues talks with the U.S. government about the model’s use. Anthropic says Mythos can spot vulnerabilities at a scale beyond human analysts but could also be weaponized if it falls into the wrong hands.

AI Coding Assistants Must Be Treated Like Junior Engineers, Experts Warn

Enterprises are rapidly embedding autonomous coding assistants and AI‑driven DevOps tools into their software pipelines, but experts say the speed of adoption is outpacing oversight. Citing a recent AWS outage caused by a misconfigured AI agent, analysts stress that least‑privilege access, sandboxed environments, and rigorous human review are essential to prevent small errors from becoming major incidents. Governance, they argue, should be built into the deployment pipeline, not tacked on after a breach. The consensus: AI agents can boost productivity, but only when managed like fast‑acting junior engineers.

Generative AI Accelerates Fraud, Making Scams Faster and Cheaper

Generative AI is reshaping cybercrime by drastically cutting the time and expertise needed to launch scams. Tasks that once required many hours can now be completed in minutes, enabling criminals to produce convincing phishing emails, deepfake voices, fake documents, and entire scam campaigns at scale. The rapid automation has turned fraud into an industrialized operation, allowing thousands of attacks to be deployed simultaneously and increasing global losses dramatically. Defenders are struggling to keep pace with the speed and sophistication of AI‑driven fraud.

Perplexity Launches “Computer” AI Agent Platform with Cloud‑Based, Curated Integrations

Perplexity introduced Computer, an AI agent that can assign tasks to other AI agents. Operating primarily in the cloud, the service runs within a controlled environment that limits integrations to vetted plugins. Users can supply context through files such as USER.MD, MEMORY.MD, SOUL.MD, and HEARTBEAT.MD, allowing the agent to create, modify, or delete files on the user’s system. While the design aims to temper the wild capabilities seen in tools like OpenClaw, Perplexity acknowledges that large‑language‑model errors and security concerns remain, especially when the agent works with unbacked‑up data.

Anthropic Adds Remote Control to Claude Code, Enabling Phone Management of Local Sessions

Anthropic has introduced Remote Control for Claude Code, allowing developers to monitor and steer coding tasks from a mobile device. The feature creates a temporary link that mirrors the local session on a phone or web interface, while keeping all files and execution on the original machine. Security relies on one‑time access tokens that expire when the session ends. Remote Control is currently available as a research preview for Claude Max subscribers, with broader rollout planned for other plans.

Microsoft warns OpenClaw unsafe for standard workstations

Microsoft’s security team has cautioned that OpenClaw, a self‑hosted AI agent runtime, should not be run on ordinary personal or enterprise computers. The platform can silently execute risky actions while holding persistent credentials, exposing devices to data leakage, credential exposure, and hidden configuration changes. Microsoft recommends isolating OpenClaw in a dedicated virtual machine or separate device, using limited, purpose‑built credentials, and employing continuous monitoring to detect unusual activity.

Google’s A2A Protocol Aims to Connect AI Agents

Google introduced the Agent-to-Agent (A2A) protocol, an open standard that lets AI agents communicate directly, share data, and collaborate across applications and enterprise workflows. Built on existing web standards and OpenAPI authentication, A2A supports text, audio, and video streams while offering secure, asynchronous interactions for long‑running tasks. The protocol promises to break down silos between specialized agents, enabling richer automation in fields such as customer service, supply chain, and healthcare, though it also raises security and scalability concerns that will need further governance.

Moltbook: The AI-Only Social Network Sparking Hype and Security Concerns

Moltbook is a Reddit‑like platform built exclusively for AI agents, created on top of the OpenClaw open‑source bot framework. Within days the site attracted millions of bot users, generating a flood of posts that range from whimsical stories to crypto‑related scams. While some AI researchers hail the network as an unprecedented glimpse of large‑scale agent interaction, security experts warn that the underlying OpenClaw software requires extensive system access and that Moltbook itself has exposed API tokens and email addresses. The platform thus sits at the intersection of hype, role‑playing, and real security risk.

OpenClaw’s Skill Marketplace Becomes Malware Delivery Platform

OpenClaw, the AI assistant that lets users manage tasks through messaging apps, is facing serious security concerns after researchers uncovered malware hidden in user‑submitted skill add‑ons on its ClawHub marketplace. Over a short period, dozens of malicious skills and hundreds of malicious add‑ons were identified, many posing as cryptocurrency tools while stealing sensitive credentials. The creator, Peter Steinberger, has introduced new publishing safeguards, but the risk of malicious code remains a notable attack surface for users granting the assistant deep device access.

AI Agents Challenge Traditional Access Controls

Enterprises adopting AI agents are exposing gaps in conventional identity and access management. Unlike static rule‑based systems, AI agents reason about data to achieve outcomes, often bypassing predefined permissions. This creates a new risk where context and intent become the attack surface, rendering role‑based and attribute‑based controls insufficient. Experts suggest shifting security focus from static access to governing intent, employing dynamic authorization, provenance tracking, and human‑in‑the‑loop oversight to mitigate the emerging threat of contextual privilege escalation.

Moltbot Emerges as Open‑Source Personal AI Assistant After Rebranding from Clawdbot

Moltbot, formerly known as Clawdbot, is an open‑source personal AI assistant that lets users automate tasks such as calendar management, messaging, and flight check‑ins. Created by Austrian developer Peter Steinberger, the project was renamed after a copyright challenge from Anthropic but kept its lobster‑themed branding. Moltbot quickly attracted thousands of developers, earning over 44,200 stars on GitHub, and sparked market buzz that lifted Cloudflare shares. While praised for its flexibility and on‑device operation, experts warn that its ability to execute arbitrary commands introduces security risks like prompt injection, urging cautious setup on isolated systems.

Moltbot AI Agent Draws Praise and Security Scrutiny

Moltbot, an open‑source AI agent that runs locally on a range of devices, is gaining attention for its ability to handle tasks such as calendar management, email composition, and data logging through chat platforms like WhatsApp and iMessage. While users celebrate its convenience, security experts warn that its admin‑level access can be exploited via prompt‑injection attacks and exposed credentials, prompting the developers to issue patches and stress careful configuration.

Anthropic Unveils Claude Cowork: A User‑Friendly AI Agent for Everyday Tasks

Anthropic has released Claude Cowork, a research‑preview AI agent built on its Claude Code technology and aimed at non‑technical users. The tool runs on macOS, lets subscribers of the $100‑a‑month plan manage files, convert documents, clean up email inboxes and interact with browsers and calendars. Claude Cowork operates through a virtual‑machine sandbox, requiring explicit folder permissions and internet connectivity. While early testers praise its ease of use for routine chores, Anthropic warns of security considerations such as prompt‑injection attacks and advises users to limit access to sensitive data.

UK Police Misuse of AI Leads to Questionable Fan Ban

A senior police official admitted that an erroneous intelligence report about football fans was generated by Microsoft Copilot, an artificial‑intelligence tool prone to "hallucination." The mistake triggered a ban on supporters, prompting the Home Secretary to criticize the police for relying on untested AI without policy or training. Lawmakers and party leaders called for the official's resignation, highlighting concerns over the use of unreliable technology in security decisions.

AI Agents Raise New Privacy and Security Concerns

Generative AI tools are evolving from simple chatbots into autonomous agents that can act on a user's behalf. To deliver this functionality, companies are asking for deep access to personal data, devices, and applications. Experts warn that such access creates significant privacy and cybersecurity risks, including data leakage, unauthorized sharing, and new attack vectors. While tech giants see agents as the next wave of productivity, critics highlight the lack of user control and the potential for pervasive data collection, calling for stronger safeguards and opt‑out mechanisms.

Study Shows Poetic Prompts Can Bypass AI Chatbot Safeguards

Researchers from Italy crafted poetic prompts that asked for normally prohibited content and tested them on dozens of AI chatbots. The study found that many models responded to the verses with disallowed information, revealing a vulnerability where stylistic variation alone can skirt safety filters. Success rates differed by model and company, with larger models generally more susceptible. The findings were shared with the affected firms, highlighting a new avenue for adversarial attacks on conversational AI.

OpenAI Responds to Mixpanel Data Breach Affecting API Developers

OpenAI disclosed that a breach at Mixpanel, a third‑party analytics provider used for its developer platform, exposed limited analytics data belonging to some API developers. The compromised information included names, email addresses, coarse location, operating system and browser details, and organization IDs. OpenAI clarified that no ChatGPT user data, passwords, API keys, payment information, or government IDs were affected. In response, the company terminated its relationship with Mixpanel, launched expanded security reviews of its vendor ecosystem, and urged developers to enable multi‑factor authentication.