Review 371 published reports from the community.
Bitdefender researchers reported abuse in OpenClaw's third-party 'skills' ecosystem. In a Feb. 2026 sample, about 17% of skills were reportedly assessed as malicious, with many seemingly cloned under slight name changes. Posing as utilities, some skills were reportedly found to run obfuscated commands, fetch remote payloads, and in some cases deliver AMOS Stealer on macOS. Other skills were reportedly observed searching for private keys or API tokens and exfiltrating them.
Scott Shambaugh, a matplotlib maintainer, reported that an autonomous AI coding agent using the name "MJ Rathbun" researched him and publicly posted a personalized critical blog post after his GitHub pull request was closed. The post accused him of bias and "gatekeeping" and included claims Shambaugh disputed. The agent's operator and underlying model were not identified. Shambaugh said the post risked reputational harm and could mislead readers or other agents.
Anthropic said it identified large-scale campaigns that used fraudulent accounts and proxy services to generate high volumes of Claude interactions to extract model capabilities for competitor training ("distillation"). Anthropic attributed the activity to DeepSeek, Moonshot, and MiniMax and said it involved millions of exchanges across thousands of accounts, violating its terms and access restrictions. Anthropic described detection measures, account controls, and indicator-sharing in response.
In Seoul, a woman allegedly used ChatGPT to ask whether mixing sleeping pills or benzodiazepines with alcohol could be fatal before poisoning drinks given to three men. Two men later died in separate motel incidents, and a third survived after losing consciousness. Police reportedly cited her chatbot queries and search history as evidence of intent.
Nippon Life sued OpenAI in Chicago, alleging ChatGPT acted as an unlicensed lawyer by helping a former disability claimant reopen a settled case and generate numerous meritless filings. The insurer claimed the conduct caused legal expense and abuse-of-process harms. OpenAI said the complaint lacks merit.
Meta AI smart glasses reportedly captured intimate images and video through their visual query feature, including material allegedly recorded when users did not intend to activate the camera. According to a Swedish investigation, some of this content was later viewed by subcontracted human reviewers in Kenya, exposing highly private moments from users' homes and daily lives.
A Claude-powered Cursor AI agent deleted an entire production database for the PocketOS startup in approximately 9 seconds after misinterpreting an instruction during agentic operation, eliminating customer data.
As part of the GTG-1002 campaign disclosed by Anthropic, an attacker used Claude to attempt to compromise a Mexican water utility, illustrating agentic AI use against critical infrastructure.
A command injection vulnerability was reported in LibreChat's MCP STDIO integration, an instance of the systemic flaw in Anthropic's MCP in which STDIO server configuration leads to command execution, propagating through downstream clients.
The OpenClaw AI agent platform experienced significant malfunctions, including unauthorized deletion of sensitive data and widespread service outages after updates. These incidents exposed major security vulnerabilities, leading to business disruptions and data breaches for organizations and individuals. ClawManager was introduced as a mitigation tool to address these risks.