Docker Sandboxes: Why Your AI Coding Agents Should Never Run on Bare Metal

Executive summary

Enterprises are racing to adopt AI coding agents like Claude Code to accelerate development, improve code quality, and automate maintenance tasks. But running these agents directly on developer laptops or shared workstations quietly reshapes your threat model. You are no longer hardening a human with tools; you are giving a semi-autonomous process broad, continuous access to endpoints, credentials, and networks at machine speed. On a typical enterprise laptop, an AI coding agent can execute shell commands, install packages, run arbitrary code, talk to your host Docker daemon, touch production-like data, and probe every file and credential within reach. Even if the model is benign and your vendor is trustworthy, this is still an avoidable expansion of attack surface. Misconfiguration, prompt injection, compromised dependencies, or simple agent mistakes can all turn that power into damage. ...

March 13, 2026 · 27 min · Sammy Farida

Agent Skills: The New Supply Chain Attack Vector

Introduction

AI agent skills promised to revolutionize productivity—plug-and-play instructions that let your agents book meetings, query databases, or access 1Password vaults. These modular capabilities, distributed through marketplaces like ClawHub and OpenClaw, offer the same convenience that npm and PyPI brought to software development. Organizations rushed to adopt these skills, integrating them into workflows with minimal vetting, trusting the marketplace ecosystem to ensure quality and security. But research reveals a darker reality: 36% of skills in these marketplaces contain vulnerabilities, and hundreds harbor active malicious payloads. Unlike traditional software supply chain attacks that target static packages, agent skills operate dynamically at runtime, executing natural language instructions that evade conventional security tools. This new attack vector combines the weaponization potential of software supply chain compromises with the unique exploitability of AI systems, creating a threat landscape that defenders are only beginning to understand. ...

March 1, 2026 · 10 min · Sammy Farida