Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You can't rely on open source for security - not even when AI is involved

Open source libraries, packages, and models power nearly every product team today. They accelerate development, democratize innovation, and let teams stand on the shoulders of giants. But there’s a dangerous assumption creeping into engineering orgs: that open source — or AI trained on open source — will keep your software safe. That assumption is wrong. Open source gives you speed and community, not guaranteed security.

How autonomous AI agents like OpenClaw are reshaping enterprise identity security

The viral surge of OpenClaw (formerly Clawdbot and Moltbot) has captured the tech world’s imagination, amassing over 160,000 GitHub stars and driving a hardware rush for Mac Minis to host these 24/7 assistants.

Bitsight: AI-powered intelligence that outsmarts cyber risk

Bitsight is the global leader in cyber risk intelligence, leveraging advanced AI to empower organizations with precise insights derived from the industry’s most extensive external cybersecurity dataset. With more than 3,500 customers and over 68,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface.

LLM Application for Protegrity AI Developer Edition

Securing LLM Workflows with Protegrity AI Developer Edition Learn how to protect sensitive data and prevent malicious prompt injections in your AI applications. In this technical walkthrough, Dan Johnson, Software Engineer at Protegrity, demonstrates a dual-gate security architecture designed to safeguard Large Language Models. Discover how to implement a security gateway that sits between your users and your LLM. This demonstration covers the integration of semantic guardrails and classification APIs to ensure data privacy and system integrity.

Security Considerations When Deploying AI in Legal Environments

Say a mid-sized law firm discovers that confidential case files, including privileged attorney-client communications, were exposed through an AI tool someone in the office started using without IT approval. The breach goes unnoticed for weeks. By the time they catch it, sensitive data has already been logged on external servers. This nightmare could happen to law firms that rush to adopt AI without proper security frameworks in place.

Why Cybersecurity is the Core of Corporate Survival

Is your business ready for a digital ambush? It's a loaded question, sure. But not a hypothetical one. In today's landscape, it's practically rhetorical. One phishing scam, one rogue USB stick, one "I'll-just-connect-to-this-coffee-shop-Wi-Fi-for-a-minute" moment and everything can unravel. You'd think big companies would be immune with all their resources, right? Tell that to MGM Resorts, which hemorrhaged over $100 million in 2023 due to a single compromised login. A phone call. That's all it took.

280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII

On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design. In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills.