AI Security & Trust
- OneCLI Puts a Security Gateway Between Your AI Agents and Your API Keys
AI agents are calling more APIs than ever — and most of them are doing it with raw, unscoped API keys sitting in environment variables. If a prompt injection attack tricks your agent into exfiltrating data, those keys go with it. OneCLI, an open-source credential vault written in Rust, offers a different architecture: agents never… Continue reading
- An AI Agent Broke Into McKinsey’s Internal Platform in 2 Hours — Using a Decades-Old SQL Injection
SQL injection was supposed to be a solved problem. It’s been in the OWASP Top 10 since the list existed. Every CS student learns about it. Every framework has built-in protections. And yet, in late February 2026, an autonomous AI agent built by a startup called CodeWall.ai exploited exactly this vulnerability to gain full read-write… Continue reading
- OpenAI Just Acquired Promptfoo — The $86M AI Security Startup Used by 25% of Fortune 500
OpenAI dropped a big announcement on March 9, 2026: it’s acquiring Promptfoo, the open-source AI red-teaming platform that’s become the go-to security testing tool for enterprise AI deployments. The deal marks OpenAI’s clearest signal yet that AI agent safety isn’t just a research priority — it’s a product one. What Happened OpenAI confirmed plans to… Continue reading
- Grammarly AI Expert Review: Getting Feedback From Dead Scholars They Never Agreed To Give
So here’s a wild one. Grammarly — which now operates under the Superhuman brand after a rebrand in late 2025 — rolled out a feature called “Expert Review” that lets you pick a real-world scholar or writer to “review” your manuscript. Sounds cool in theory, right? Except they forgot one tiny detail: actually asking those… Continue reading
- Agent Safehouse: Finally, a Dead-Simple Way to Stop AI Agents From Roaming Your Mac
If you’ve been letting Claude Code, Codex, or Aider run loose on your machine, you’ve probably had that moment — the one where you realize your coding agent has full access to your SSH keys, your `.env` files, and every repo on your system. It’s a weird feeling, like handing your house keys to a… Continue reading
- Your Anonymous Posts Aren’t Anonymous Anymore — Inside the LLM Large-Scale Deanonymization Study
So here’s something that should make you uncomfortable: a group of researchers just proved that LLMs can figure out who you are from your “anonymous” online posts, and they can do it at scale for about four bucks per person. The paper, [“Large-scale online deanonymization with LLMs”](https://arxiv.org/abs/2602.16800), comes from [MATS Research](https://www.matsprogram.org/research/large-scale-online-deanonymization-with-llms) — authored by Simon… Continue reading
