How recruitment fraud turned cloud IAM into a $2 billion attack surface

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer� [...]

OpenClaw has 500,000 instances and no enterprise kill switch

“Your AI? It’s my AI now.” The line came from Etay Maor, VP of Threat Intelligence at Cato Networks, in an exclusive interview with VentureBeat at RSAC 2026 — and it describes exactly what hap [...]

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

Every enterprise running AI coding agents has just lost a layer of defense. On March 31, Anthropic accidentally shipped a 59.8 MB source map file inside version 2.1.88 of its @anthropic-ai/claude-code [...]

The best live TV streaming services to cut cable in 2025

Around ten years ago, as the price of cable rose to untenable heights, live TV streaming services arrived as the low-cost, contract-free antidote. The services are still blissfully easy to walk away f [...]

RSAC 2026 shipped five agent identity frameworks and left three critical gaps open

“You can deceive, manipulate, and lie. That’s an inherent property of language. It’s a feature, not a flaw,” CrowdStrike CTO Elia Zaitsev told VentureBeat in an exclusive interview at RSA Conf [...]

The Morning After: A closer look at Facebook’s leadership

For all of the money and clout Meta has, it can’t stop the triennial emergence of a whistleblower revealing how awful its leadership is. Careless People, the tell-all memoir from former staffer Sara [...]

Researchers broke every AI defense they tested. Here are 7 questions to ask vendors.

Security teams are buying AI defenses that don't work. Researchers from OpenAI, Anthropic, and Google DeepMind published findings in October 2025 that should stop every CISO mid-procurement. Thei [...]

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to [...]

Infostealers added Clawdbot to their target lists before most security teams knew it was running

Clawdbot's MCP implementation has no mandatory authentication, allows prompt injection, and grants shell access by design. Monday's VentureBeat article documented these architectural flaws. [...]