A hostile string in MCP's `command` field is a working RCE on the next agent restart. 10+ public CVEs already follow this shape. Here is how Imunify for AI Agents stops it at three layers, before it reaches the shell.

OpenClaw ships a mail skill that wires the agent up to the himalaya CLI. Here's how that email path actually works, what the agent sees, what the shell sees, and why that split turns a mundane feature into an exfiltration channel.

Deep technical analysis of the March 2026 TeamPCP supply chain attack that compromised LiteLLM: 95M monthly downloads, credential theft, Kubernetes lateral movement, and persistent backdoors.