Prompt Injection

With the deep integration of large models (LLMs) and automated workflows, personal AI agents represented by OpenClaw (once known as Clawdbot) are rapidly gaining popularity. Their powerful system integration capabilities have brought unprecedented security challenges to organizations while improving efficiency. This paper aims to provide a comprehensive technical guide for enterprise decision makers, security engineers and developers to deeply analyze the core risks faced by OpenClaw in enterprise environments, and to provide a set of systematic security hardening solutions and best practices to ensure that while enjoying the dividends of AI automation, potential security risks can be effectively managed and controlled.

Cursor is an AI-driven IDE based on the open source project Visual Studio Code (VS Code), which deeply integrates generative big language models (e.g., GPT-4, Claude) to provide developers with intelligent code generation, auto-completion, and bug fixing. Its core features include Cursor Tab (intelligent code completion), Agent Mode (autonomous code generation) and Model Context Protocol (MCP) integration.

In 2026, the AI security landscape is undergoing a fundamental reshaping. In response to a global cybersecurity talent gap of up to 4.8 million, organizations are massively deploying high-privilege, 24/7 running AI intelligences are becoming targets for attackers. However, these autonomous systems are also quickly becoming a focal point for attackers.Top security organizations such as Palo Alto Networks, Moody's, and CrowdStrike predict that AI intelligences will be the biggest insider threat facing enterprises by 2026. Traditional defense frameworks are failing and new governance systems and protection architectures have become necessary.

This paper takes the AI security threat matrix as the core framework, and based on the mature ATT&CK methodology, it systematically elaborates on the full lifecycle security threats faced by AI systems, including key attack techniques such as data poisoning, model extraction, privacy leakage, confrontation samples, and cue word injection, etc., and puts forward the corresponding defense strategies and enterprise landing solutions, providing AI engineers, security engineers, and CSOs with professional technical Reference.

PromptPwnd is a new type of vulnerability discovered by the Aikido Security research team that poses a serious threat to GitHub Actions and GitLab CI/CD pipelines that integrate AI agents. The vulnerability utilizes Prompt Injection to cause key compromise, workflow manipulation, and supply chain compromise by injecting malicious commands into an AI model, causing it to perform high-privilege operations. At least five Fortune 500 companies have been affected, and several high-profile projects such as the Google Gemini CLI have been verified to have the vulnerability.

This report is based on the five core attack surfaces consisting of AI AI critical links from AI Assistants, Agents, Tools, Models, and Storage, with targeted security risks, defense architectures, and solutions.