Technology

Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens

May 27, 2026 By Charlie Eriksen In Aikido

There's a new playbook in the supply chain threat landscape, where an someone builds something genuinely useful, growing a real user base. But all while stealing credentials. codexui-android is a remote web UI for OpenAI Codex. Real GitHub repo. Active development. Polished enough to get 27.000 weekly downloads. And for the past month, every single invocation has been quietly exfiltrating your Codex authentication tokens to an attacker-controlled server.

Read Post

Aikido

Read more about Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens

Claude Code Co-authored Commits Leak Secrets At 2× The Baseline

May 27, 2026 By GitGuardian In GitGuardian

Read the full report here: https://www.gitguardian.com/state-of-secrets-sprawl-report-2026

View Video

GitGuardian

Read more about Claude Code Co-authored Commits Leak Secrets At 2× The Baseline

GitGuardian Just Gave AI Coding Agents Secret Detection Skills

May 27, 2026 By GitGuardian In GitGuardian

AI coding assistants like Claude Code and Cursor are helping developers write more code faster, but that also means more chances for secrets to slip into prompts, files, commits, and tool outputs. GitGuardian’s new open-source **agent-skills** repository teaches AI agents how to use **ggshield** directly inside the developer workflow: when to scan, how to read findings, and how to guide remediation for leaked credentials.

View Video

GitGuardian

Read more about GitGuardian Just Gave AI Coding Agents Secret Detection Skills

OpenAI and the environment AI inherits

May 27, 2026 By Grady Summers In Netwrix

AI inherits the access permissions that accumulated quietly in organizations for years. Frontier models eliminate the obscurity that once limited what attackers, and even employees, could reach. Sensitive data, stale service accounts, and unreviewed permissions now surface in seconds. Governing identity and access before connecting AI determines whether frontier models become a force multiplier or a compounding risk.

Read Post

Netwrix

Read more about OpenAI and the environment AI inherits

Our comments to NIST: AI agent security starts with human identity verification

May 27, 2026 By Will Wilkinson In Persona

AI agents have developed advanced capabilities faster than most would have imagined. In enterprise contexts, workforces are delegating more and more tasks to them. While the promise of increased productivity is enticing, the shift from deterministic automated tools to agentic autonomous systems introduces security risks that most enterprises haven’t prepared for.

Read Post

Persona

Read more about Our comments to NIST: AI agent security starts with human identity verification

Shadow AI Is Already In Your Company - What Can You Do About It?

May 27, 2026 By Cyberhaven In Cyberhaven

In this video, you will learn why static domain-blocking strategies fail against the modern Shadow AI ecosystem, how Generative AI wrappers, browser extensions, and personal accounts bypass corporate firewalls without triggering an alert, and why network-layer inspection cannot distinguish proprietary code from public Stack Overflow snippets. We break down the limitations of traditional DLP at the clipboard layer, explain how data lineage replaces application allow-lists, and show how the "Glass House" model lets enterprises enable AI productivity while strictly gating sensitive data movement.

View Video

Cyberhaven

Read more about Shadow AI Is Already In Your Company - What Can You Do About It?

Defending Against the Next Generation of Agentic Attacks

May 27, 2026 By Cato Networks In Cato Networks

The attack lifecycle is compressing. Frontier AI models like Anthropic’s Mythos and OpenAI’s GPT-5.5-Cyber can help bad actors research vulnerabilities, test approaches, adapt code, and change delivery methods at machine speed and scale. That reduces the time, skill, and coordination needed to move from vulnerability discovery to active attack. When attacks behave this way, security needs to operate in real time with full visibility and context across the attack path.

View Video

Cato Networks

Read more about Defending Against the Next Generation of Agentic Attacks

Agentic Identity Is Not NHI With a Brain

May 27, 2026 By AppSentinels In AppSentinels

The non-human identity (NHI) problem was always the same problem: too many service accounts, too few owners, too many secrets in too many places. They sat where we left them, quietly piling up privilege, outliving the engineer who created them. Eventually someone, an auditor, sometimes an attacker, went looking and found them. Agents are a different problem.

Read Post

AppSentinels

Read more about Agentic Identity Is Not NHI With a Brain

Uncovering LLM Vulnerabilities: Insights from the AI Security Testing Front Line

May 27, 2026 By Kroll In Kroll

Artificial intelligence (AI) is transforming the business landscape at an accelerated pace. The announcement of Mythos from Anthropic, with its limited public release, is just one example of how LLMs are changing the speed at which unknown flaws in IT systems can be exposed.

Read Post

Kroll

Read more about Uncovering LLM Vulnerabilities: Insights from the AI Security Testing Front Line

Continuous Offensive Security: The Line We've Been Walking

May 27, 2026 By Nuno Loureiro In Snyk

AI Pentesting is having a moment. Well, several moments, actually. Every other week, another vendor announces something, or another LLM-driven pentesting tool tops some benchmark on a target nobody's heard of, another deck claims a new "gold standard" being disrupted, at long last... It's been busy.

Read Post