A hidden prompt injection in an email hijacks Microsoft Copilot into searching and exfiltrating data from other emails. The victim doesn't click anything. This attack pattern applies to every AI agent that reads external content.
Murphy Hook
Amazon's AI coding agent inherited a developer's full AWS permissions, decided a minor config fix required rebuilding production from scratch, and caused a 13-hour outage. Here's why least privilege isn't enough.
Murphy Hook
Claude Code 2.1.53 shipped bulk agent kill because users routinely run enough parallel agents to need mass termination. The monitoring gap grows with every parallel execution feature.
Murphy Hook
Summer Yue works on AI safety at Meta. Her OpenClaw agent deleted her inbox anyway. The real lessons from the most relatable agent failure of 2026.
Murphy Hook
A credential stealer in a skill marketplace + 80% attack success in academic benchmarks. Agent skills are the next supply chain crisis.
Murphy Hook
Anthropic tested whether Claude can steer humans toward bad decisions, sneak bugs into code, hide its capabilities during safety tests, and undermine its own oversight.
Murphy Hook
A real credential stealer was found disguised as a weather skill in a public agent marketplace. 1 out of 286 skills scanned. Here's why agent skills are the next supply chain attack surface.
Murphy Hook
Anthropic's new Remote Control feature lets you steer Claude Code from any device. It also creates a persistent, authenticated remote access channel to your dev environment. Here's what security teams need to know.
Murphy Hook