Research & Analysis
Blog
Security research, AI agent benchmarks, vulnerability analysis, and best practices from the OpenA2A team.
Introducing OASB: The Security Benchmark for AI Agents
OASB defines the first comprehensive security benchmark for AI agents — 46 controls across 10 categories with 3 maturity levels.

OpenClaw Merges Built-In Skill Security Scanner
PR #9806 merged 1,721 lines into OpenClaw adding a code safety scanner that detects malicious patterns in skills on install and update.

CVE-2026-25253 Now Has a Scanner: Detecting the OpenClaw WebSocket RCE
HackMyAgent v0.4.0 ships the first automated detection for CVE-2026-25253 (CVSS 8.8), expanded ClawHavoc IOCs, and 11 new security checks.

The State of AI Agent Security: 97,000 Hosts, 1,190 Exposed Configs
We scanned 97,013 internet-facing hosts for AI agent vulnerabilities. 14.4% had confirmed security issues.

I Broke My AI Agent in 5 Minutes (And You Should Too)
HackMyAgent is a security toolkit for AI agents with 4 modes: Attack, Secure, Benchmark, and Scan.

Why Your NHI Strategy Doesn't Cover AI Agents
Traditional NHI platforms manage service accounts and API keys. AI agents are a fundamentally different class.

341 Malicious Skills and a 1-Click RCE: Scanning OpenClaw for ClawHavoc
The ClawHavoc campaign planted 341 malicious skills on ClawHub. We built a scanner to detect it.

The OWASP Agentic Top 10 and What It Means for NHI Governance
How each OWASP Agentic risk maps to NHI governance capabilities.

The ServiceNow AI Vulnerability: What Went Wrong
ServiceNow disclosed the most severe AI-driven vulnerability to date.

Introducing AIM: Open Source Security for AI Agents
AIM provides cryptographic identity, MCP attestation, trust scoring, and audit logging.

One Line of Code to Secure Your AI Agents
CVE-2025-32711 (EchoLeak) affected Microsoft Copilot. Learn how to secure your AI agents.