A developer discovered that AI code generators like Cursor consistently omit ownership checks in API endpoints, leading to Insecure Direct Object Reference (IDOR) vulnerabilities. The AI correctly imp…
A developer has identified a persistent security threat to AI agents called memory poisoning, where malicious instructions stored in an agent's memory can influence all future interactions indefinitel…
Sujala Vasanthasena Nelavai used GitHub Copilot to identify and fix OWASP Authentication vulnerabilities as part of the GitHub Finish-Up-A-Thon challenge. The developer leveraged the AI assistant to i…
ShieldMCP launched a security scanner that analyzes MCP configuration files for permission risks, exposed secrets, and supply chain threats within 60 seconds. The tool scans across all OWASP MCP Top 1…
Security researchers chained multiple large language model and web application vulnerabilities during a red team exercise to escalate from a low-privileged account to full admin takeover. The attack e…
Non-human identities (NHIs) now outnumber human users 144-to-1 in cloud-native environments, yet most organizations lack governance for service accounts, API keys, and AI agents. A developer outlined …
OWASP introduced an Agentic AI Security Maturity Framework at Infosecurity Europe to help organizations assess governance maturity against AI adoption and adjust controls accordingly. The organization…
The NSA’s Model Context Protocol (MCP) security guidance and the OWASP MCP Top 10 risk framework can be mapped together to create a testable checklist for vetting MCP servers before deployment. Resear…
An independent audit of 6,762 Model Context Protocol (MCP) servers found that 42% earned an A or B grade while 38% scored D or F, with 13% of registry-listed servers unreachable. The audit, conducted …
OpenClaw has partnered with NVIDIA to strengthen security for AI agent skill files, integrating NVIDIA's SkillSpector scanner and Skill Card trust artifacts into its ClawHub registry. The collaboratio…
A developer has created a set of 12 reusable configuration files for Cursor and Claude Code that encode consistent AI behavior patterns across projects. The files include specialized subagents for cod…
Agent Memory Guard, an open-source Python library, now enables developers to secure LangChain agents against memory poisoning attacks in under five minutes. The tool wraps existing memory backends lik…
Agent Memory Guard, an OWASP Incubator Project, has been released as a runtime defense layer that screens all reads and writes to AI agent memory to block prompt injection, secret leakage, and integri…
Digimarc announced new provenance and verification infrastructure to secure autonomous and AI-enabled workflows. The capabilities help organizations verify the trustworthiness of digital content and a…
Vens Labs has released vens-action, a GitHub Action that reranks Trivy and Grype CVE scan results by actual business risk rather than generic CVSS scores. The tool reads scan output alongside a YAML c…
Microsoft released Agent Governance Toolkit (AGT), a Python library that enforces policies, identity controls, sandboxing, and SRE practices for autonomous AI agents. The toolkit intercepts every tool…
A developer secured their FastAPI application ratecalc.fyi by fixing six vulnerabilities in a single session using the gstack /cso security audit tool on Claude Code. The critical issues included an a…
The OWASP-backed CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner, analyzes local lockfiles to alert developers to security risks during coding rather than after a CI pipelin…
The article describes an AI-powered Virtual SOC Analyst tool, hosted at analista.byronlainez.click, that uses Gemma 4 to rapidly analyze AWS security logs (such as CloudTrail, WAF, and Nginx) and dete…
According to the article, the most common API security vulnerabilities exploited in 2026 are not new zero-day attacks but long-standing issues like Broken Object Level Authorization (BOLA), which allo…