Blog

Security research, AI agent vulnerabilities, and best practices from the HackMyAgent team.

#shield #defense-in-depth #runtime-security

From Scanning to Shielding: Defense-in-Depth for AI Agents

OpenA2A Shield combines credential protection, configuration integrity, runtime detection, and compliance scoring.

OpenA2A Team, March 4, 2026
#credentials #ai-coding-tools #security

Your AI Coding Tools Are Leaking Your API Keys

AI coding assistants read your .env files, terminal history, and MCP server configs. Here is how to protect credentials.

OpenA2A Team, March 1, 2026
#cli #security-review #opena2a

OpenA2A CLI: One-Command Security Reviews for AI Projects

Run opena2a review in any project directory and get a security posture score with credential scanning and actionable fix commands.

OpenA2A Team, February 27, 2026
#oasb #benchmark #governance

OASB: Why AI Agents Need CIS-Style Security Benchmarks

OASB brings the CIS Benchmark model to agentic AI -- 46 controls, 10 categories, 3 maturity levels.

OpenA2A Team, February 21, 2026
#openclaw #security #open-source #gateway #opena2a

Securing OpenClaw: 6 Security Fixes Landed in Main

We contributed 6 security fixes to OpenClaw (205K+ stars). 4 PRs merged directly, 2 adopted by maintainers. Covers credential redaction, code safety scanning, path traversal, and more.

OpenA2A Team, February 17, 2026
#agent-identity #cryptography #security

How Do You Give an AI Agent a Verifiable, Auditable, Enforceable Identity?

AI agents are making decisions, calling APIs, and accessing sensitive data autonomously. But most have no real identity. Here's how to give every agent a cryptographic identity.

Abdel Fane, February 11, 2026
#oauth #oidc #ai-agents

OAuth and OIDC Were Never Designed for AI Agents

OAuth 2.0 and OIDC power human authentication. But AI agents aren't humans. Here's the identity gap and how AIM solves it.

Abdel Fane, February 10, 2026
#oasb #benchmark #security

Introducing OASB: The Security Benchmark for AI Agents

OASB defines the first comprehensive security benchmark for AI agents -- 46 controls across 10 categories with 3 maturity levels. Check compliance with HackMyAgent.

OpenA2A Team, February 9, 2026
#openclaw #security #open-source

OpenClaw Merges Built-In Skill Security Scanner

PR #9806 merged into OpenClaw -- 1,721 lines adding built-in skill security scanning. 6 checks detect malicious patterns at install and update time.

OpenA2A Team, February 6, 2026
#cve-2026-25253 #openclaw #clawhavoc #hackmyagent

CVE-2026-25253 Now Has a Scanner: Detecting the OpenClaw WebSocket RCE

HackMyAgent v0.4.0 ships the first automated detection for CVE-2026-25253 (CVSS 8.8), expanded ClawHavoc IOCs, and 11 new security checks.

OpenA2A Team, February 5, 2026
#hackmyagent #security #tutorial

I Broke My AI Agent in 5 Minutes (And You Should Too)

HackMyAgent is a security toolkit for AI agents with 4 modes: Attack, Secure, Benchmark, and Scan. Here's how to use each one.

OpenA2A Team, February 4, 2026
#security-research #ai-agents #mcp

The State of AI Agent Security: 97,000 Hosts, 1,190 Exposed Configs

We scanned 97,013 internet-facing hosts for AI agent vulnerabilities. 14.4% had confirmed security issues. Here's what we found.

OpenA2A Team, February 3, 2026
#nhi #governance #security

Why Your NHI Strategy Doesn't Cover AI Agents

Traditional NHI platforms manage service accounts and API keys. But AI agents are a fundamentally different class of non-human identity.

Abdel Fane, February 2, 2026
#openclaw #supply-chain #hackmyagent

341 Malicious Skills and a 1-Click RCE: Scanning OpenClaw for ClawHavoc

The ClawHavoc campaign planted 341 malicious skills on ClawHub. We built a scanner to detect it.

OpenA2A Team, January 31, 2026
#owasp #agentic-ai #compliance

The OWASP Agentic Top 10 and What It Means for NHI Governance

How each OWASP Agentic risk maps to NHI governance capabilities.

Abdel Fane, January 26, 2026
#vulnerability #case-study #ai-security

The ServiceNow AI Vulnerability: What Went Wrong

ServiceNow disclosed the most severe AI-driven vulnerability to date -- exposing 85% of Fortune 500 companies.

Abdel Fane, January 15, 2026
#launch #aim #open-source

Introducing AIM: Open Source Security for AI Agents

AIM provides cryptographic identity, MCP attestation, trust scoring, and audit logging for AI agents.

OpenA2A Team, December 16, 2025
#security #echoleak #mcp

One Line of Code to Secure Your AI Agents

CVE-2025-32711 (EchoLeak) affected Microsoft Copilot. Learn how to secure your AI agents with AIM.

Abdel Fane, November 7, 2025