
DeepMind Maps Six Attack Traps Targeting AI Agents
A Google DeepMind paper introduces the first systematic taxonomy of adversarial traps that can hijack autonomous AI agents - and every category already has working proof-of-concept exploits.

A missing .npmignore entry in Claude Code 2.1.88 exposed 512,000 lines of TypeScript source, spawned the fastest-growing GitHub repo ever, and revealed unshipped features Anthropic never announced.

Cisco open-sourced DefenseClaw at RSA 2026 - a five-minute install that scans agent skills, MCP servers, and AI-generated code before they run, with 2-second policy enforcement and Splunk telemetry built in.

The LiteLLM supply chain attack originated from Trivy - the security scanner in LiteLLM's CI/CD pipeline. TeamPCP compromised Trivy, stole the PyPI publishing token, and uploaded backdoored packages directly.

LiteLLM versions 1.82.7 and 1.82.8 contain a credential-stealing payload that exfiltrates SSH keys, cloud credentials, and crypto wallets to a lookalike domain. The package has 97 million monthly downloads.

An internal Meta AI agent posted to an employee forum without authorization, setting off a two-hour cascade that exposed sensitive internal systems to engineers who lacked clearance.