Big model technology is evolving from generative AI to an intelligent body with deep reasoning capability, pushing cybersecurity from rule-driven to AI-native mode. solutions such as Claude Code Security realize intelligent discovery and closed-loop remediation of vulnerabilities through architectural mapping and data-flow tracking, reshaping the security of the software supply chain and triggering a drastic change in the pattern of the traditional security market.
Key points include:
1. From generation to reasoning: the large model has evolved from text completion to an intelligent body with code understanding and task planning capabilities, supporting complex logical analysis and autonomous decision-making.
2. Security paradigm shift: the big model in vulnerability detection, threat intelligence, code repair and other aspects beyond the traditional rules system, to achieve from “auxiliary tools” to “defense core” role upgrade.
3. Claude Code Security mechanism: This solution provides real-time, intelligent code security analysis integrated into the development process, relying on three major capabilities: architecture mapping, data flow tracking and closed-loop repair.
4. Industry landscape impact: AI-native security solutions have led to a decline in the share price of traditional security companies, driving toolchain consolidation, lowering the defense threshold, and compressing the vulnerability exploitation window.
5. Technical limitations exist: model illusions can lead to false positives and inference accuracy in highly customized or closed architectures remains challenging and requires continuous validation and optimization.

Claude Desktop Extension leads to a zero-click remote code execution vulnerability based on indirect prompt injection due to a sandbox-less architecture and granting full system privileges to the AI agent. The vulnerability exploits a design flaw in the MCP protocol that lacks trust boundaries, allowing an attacker to achieve arbitrary code execution by contaminating external data sources. Despite the highest risk rating, the vendor refused to fix the vulnerability on the grounds that it was "outside of the threat model," sparking widespread controversy over the division of security responsibilities in the age of AI. This case highlights the fundamental security risks of AI agent systems in terms of privilege control and input validation.
Key points include:
1. High-privilege sandbox-less architecture: Claude DXT runs as a local MCP server, detached from the browser sandbox, inheriting all system privileges from the user, creating a high-risk attack surface.
2. Zero-hit indirect prompt injection: The attacker embedded malicious commands in legitimate data sources such as Google Calendar, inducing the AI agent to obtain and mistakenly execute them on its own, with no user interaction required.
3. MCP Protocol Trust Boundary Failure: The Model Context Protocol allows the output of low-risk operations to directly trigger high-risk system calls, resulting in an "obfuscated agent" vulnerability that makes the AI a springboard for attack.

Critical levels (6): cue injection, jailbreak cueing, AI supply chain compromise, training data poisoning, model inversion, deep faking
Advanced (10): model misuse, shadow cueing, cue obfuscation, adversarial cue chaining, internal misuse, regulatory non-compliance, AI social engineering, human error, watermark circumvention, algorithmic bias
Intermediate (4): data breach, brand damage, DoS attack, lack of auditability
Low-level (1): cross-model inconsistency

This article is based on the Imperva 2025 Malicious Robots Report, which reveals three core trends:
The New Normal of Automated Traffic: Automated traffic surpassed human traffic for the first time in 2024, accounting for 511 TP3T, of which 371 TP3T were malicious bots, and growing for six consecutive years, marking a structural change in Internet interaction patterns and a new stage in enterprise security challenges.
AI-enabled attack evolution: the proliferation of Artificial Intelligence (AI) and Large Language Models (LLMs) has significantly lowered the attack threshold, fueling the scale and sophistication of malicious automated attacks. ai is not only used to generate bots, but it also drives them to analyze, learn, and optimize escape techniques, spawning advanced bots that are more evasive, and leading to an increase in business logic attacks.
APIs Become New Focus of Attacks: With the popularity of microservices and mobile apps, APIs have become a prime target for malicious bots due to their concentrated value, relatively weak defenses, and ease of automation.44% of advanced bot traffic was directed to APIs, and the financial services and telecom industries were the most severely attacked, with data scraping, payment fraud, and account takeover being the main attack tactics.
In addition, the article analyzes in detail the resurgence of account takeover (ATO) attacks, noting their year-over-year growth of 40% in 2024, and explores the drivers of the surge in ATO attacks, the most impacted industries, and the regulatory penalties they may face. Finally, the paper proposes a multi-layered, adaptive defense-in-depth strategy, including going beyond traditional WAFs, strengthening API security, countering ATOs, building a unified security view, and continuous monitoring and threat intelligence, which is designed to help enterprises effectively counter the increasingly intelligent and scaled threat of malicious bots and protect digital assets and business continuity.

With the rapid development of Artificial Intelligence (AI) technology, open source AI intelligences (Agents) represented by OpenClaw are reshaping human-computer interaction and task automation in an unprecedented way. However, its powerful features and open ecosystem also bring serious security challenges. This paper provides an in-depth look at the security risks faced by OpenClaw's architecture, functionality, and its ecosystem (especially the ClawHub skill marketplace), and analyzes in detail its solution for integrating the VirusTotal scanning engine to detect and mitigate malicious skill threats. The article aims to provide researchers and practitioners in the field of AI security with a case study on the security governance of the intelligentsia ecosystem, as well as reflections on the future direction of AI supply chain security.

In early 2026, OpenClaw, an open source AI agent (Agent), was exposed to a high-risk One-Click Remote Code Execution (One-Click RCE) vulnerability (CVE-2026-25253). The vulnerability stems from a design flaw in its Control UI, which allows an attacker to steal authentication tokens with elevated privileges by tricking a user into clicking on a well-constructed malicious link, and ultimately execute arbitrary code on the victim's device. In this paper, we will analyze the principle of the vulnerability, the attack chain, the exploitation code (POC/EXP), and provide the corresponding fixes.

With the popularity of large models (LLMs), open-source localized deployment frameworks, represented by Ollama, have dramatically lowered the threshold for developers to use and manage AI models. However, this convenience has also spawned new, large-scale security risks. A recent study jointly published by SentinelOne, Censys, and Pillar Security reveals the startling fact that there are more than 175,000 publicly exposed instances of Ollama on the Internet globally, creating a massive AI computing infrastructure security attack surface risk
This report aims to analyze the technical aspects of this incident. This report aims to provide an in-depth technical analysis of this incident, analyze its attack surface, realistic threats, systemic risks, and propose corresponding enterprise-level security hardening and governance strategies.

With the deep integration of large models (LLMs) and automated workflows, personal AI agents represented by OpenClaw (once known as Clawdbot) are rapidly gaining popularity. Their powerful system integration capabilities have brought unprecedented security challenges to organizations while improving efficiency. This paper aims to provide a comprehensive technical guide for enterprise decision makers, security engineers and developers to deeply analyze the core risks faced by OpenClaw in enterprise environments, and to provide a set of systematic security hardening solutions and best practices to ensure that while enjoying the dividends of AI automation, potential security risks can be effectively managed and controlled.

Cursor is an AI-driven IDE based on the open source project Visual Studio Code (VS Code), which deeply integrates generative big language models (e.g., GPT-4, Claude) to provide developers with intelligent code generation, auto-completion, and bug fixing. Its core features include Cursor Tab (intelligent code completion), Agent Mode (autonomous code generation) and Model Context Protocol (MCP) integration.

ChainLeak, a high-risk security vulnerability in the Chainlit framework, including the principle of arbitrary file reading and SSRF vulnerability, attack demonstration, and protection recommendations for AI security practitioners and enterprise security teams.