Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

mend

You can't rely on open source for security - not even when AI is involved

Feb 6, 2026 By Jeff Martin In Mend
Open source libraries, packages, and models power nearly every product team today. They accelerate development, democratize innovation, and let teams stand on the shoulders of giants. But there’s a dangerous assumption creeping into engineering orgs: that open source — or AI trained on open source — will keep your software safe. That assumption is wrong. Open source gives you speed and community, not guaranteed security.
Read Post
Security Considerations When Deploying AI in Legal Environments

Security Considerations When Deploying AI in Legal Environments

Feb 6, 2026 By SecuritySenses In SecuritySenses
Say a mid-sized law firm discovers that confidential case files, including privileged attorney-client communications, were exposed through an AI tool someone in the office started using without IT approval. The breach goes unnoticed for weeks. By the time they catch it, sensitive data has already been logged on external servers. This nightmare could happen to law firms that rush to adopt AI without proper security frameworks in place.
Read Post
Why Cybersecurity is the Core of Corporate Survival

Why Cybersecurity is the Core of Corporate Survival

Feb 6, 2026 By SecuritySenses In SecuritySenses
Is your business ready for a digital ambush? It's a loaded question, sure. But not a hypothetical one. In today's landscape, it's practically rhetorical. One phishing scam, one rogue USB stick, one "I'll-just-connect-to-this-coffee-shop-Wi-Fi-for-a-minute" moment and everything can unravel. You'd think big companies would be immune with all their resources, right? Tell that to MGM Resorts, which hemorrhaged over $100 million in 2023 due to a single compromised login. A phone call. That's all it took.
Read Post
Snyk

280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII

Feb 5, 2026 By Luca Beurer-Kellner In Snyk
On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design. In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills.
Read Post

Attackers exploited OpenClaw's popularity #cybersecurity #ai #podcast

Feb 5, 2026 By LimaCharlie In LimaCharlie
In this week's Intel Chat, Chris Luft and Matt Bromiley discuss how a malicious VS Code extension impersonated OpenClaw (formerly ClawdBot) to distribute remote access malware to developers. Matt breaks down a critical pattern: whenever there's a stampede toward new technology, threat actors will find a way to inject a malicious version of it. The episode also covers PeckBirdie (a JScript-based C2 framework), Shiny Hunters' massive phishing campaign, and a Russian cyberattack on Poland's power grid.
View Video
aikido

Building continuous compliance with Aikido and Comp AI

Feb 5, 2026 By Trusha Sharma In Aikido
Compliance evidence only works if it reflects the current state of the system. At Aikido, we’ve always treated compliance as a byproduct of good security, not a separate exercise teams need to prepare for. That’s why Aikido integrates with multiple compliance platforms. The goal is simple: let teams use the security data generated in Aikido wherever they run their compliance programs, without changing how they work or maintaining parallel processes.
Read Post
knowbe4

Attackers Can Use LLMs to Generate Phishing Pages in Real Time

Feb 5, 2026 By KnowBe4 Team In KnowBe4
Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages. “Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.
Read Post
veracode

Managing Software Supply Chain Security for the AI Era

Feb 5, 2026 By Natalie Tischler In Veracode
Artificial intelligence has fundamentally changed how we build software. Generative AI tools help developers write code faster, automate mundane tasks, and solve complex logic problems in seconds. But this speed comes with a hidden cost. When you accelerate development without adjusting your security posture, you inadvertently accelerate risk. Relying on AI-generated code and open-source packages in cloud environments can expose your organization to serious, often silent, vulnerabilities.
Read Post
LimaCharlie

Viberails: Guardrails for AI Operations.

Feb 5, 2026 By LimaCharlie In LimaCharlie
Sr. Technical Content Strategist The recent attention on OpenClaw brought something we've known for a while at LimaCharlie into sharp focus: Unrestricted AI operations are extremely powerful and incredibly risky. The security challenges presented by AI adoption can rival the productivity gains it delivers. Unrestricted AI agents can read credentials, execute commands, send emails, and make API calls without meaningful oversight.
Read Post

Cloudflare AI Security Suite: Protect AI-powered apps with Firewall for AI

Feb 5, 2026 By Cloudflare In Cloudflare
AI is powerful and organizations continue to adopt AI at a rapid pace, but without protections in place, it’s risky. In this session, you'll learn about the risks Enterprises face around AI and how Cloudflare provides a layered security approach incorporating AI Security. We’ll walk through how you can secure your AI-powered applications with Cloudflare.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.