Attack breakdowns, CVE analysis, runtime defense strategies, and agent firewall implementation. All research is backed by working code in Pipelock.
- April 12, 2026
Why AI Guardrails Aren't Enough for Agent Security
AI guardrails classify prompts and completions at the model layer. They miss everything that happens in HTTP, MCP, and tool responses. Here's what else you need.
- April 12, 2026
The AI Agent Security Acquisition Wave: What It Means for Buyers
Six AI agent security deals announced in recent months (five closed, one pending). What the consolidation means for buyers, and why permissive licensing still matters.
- April 12, 2026
Best AI Agent Security Tools 2026: 15 Options Compared
15 AI agent security tools compared: runtime firewalls, MCP scanners, gateways, and governance platforms. What each catches and where the gaps are.
- April 12, 2026
Why Domain Allowlists Aren't Enough for AI Agent Security
Domain allowlisting is a necessary first layer for agent egress control. It is not sufficient on its own. Here's what gets through, with receipts.
- April 12, 2026
MCP Scanner Comparison: Cisco vs Snyk vs Pipelock
Three MCP security tools compared: Cisco mcp-scanner, Snyk agent-scan (formerly Invariant), and Pipelock. What each catches and where they differ.
- April 12, 2026
The State of MCP Security 2026: Incidents, Attack Patterns, and Defense Coverage
A data-backed look at MCP security in 2026: public incidents, disclosed CVEs, OWASP MCP Top 10 mapping, and control coverage across scanners, gateways, and runtime inspection.
- April 8, 2026
Claude Mythos Can Find Zero-Days. What Happens When Your Coding Agent Can Too?
Anthropic's Mythos model finds zero-day vulnerabilities autonomously. That same capability, running inside a coding agent with your credentials, is a different kind of threat.
- April 6, 2026
I published my benchmark scores. Your turn.
151 adversarial test cases. 17 attack categories. Every score published. Pipelock runs the gauntlet before every release and posts the results for anyone to see.
- April 4, 2026
LinkedIn Scanned 6,222 Browser Extensions. Your AI Agent's Browser Is Next.
LinkedIn's BrowserGate scandal exposed mass extension fingerprinting via first-party JavaScript. The same technique works against headless Chromium browsers running AI agents, and DNS blocking can't stop it.
- March 25, 2026
When Your AI Agent Makes an HTTP Request
You gave your AI agent your secrets and network access. Three things can go wrong, and none of them look like traditional security problems.
- March 11, 2026
Cross-Request Exfiltration: 5 Requests Leak a Key
Per-request DLP scans each request in isolation. An agent that splits a secret across five requests gets five clean scans and a successful exfiltration. Cross-request detection fixes that.
- March 8, 2026
We built a test corpus for AI agent egress security tools
72 attack cases across 8 categories. Secret exfiltration, prompt injection, MCP tool poisoning, chain detection. Any security tool can run against it. No vendor lock-in.
- March 6, 2026
Your agent leaks secrets in POST bodies, not just URLs
URL scanning catches secrets in hostnames and query strings. But agents also make POST requests. Secrets in JSON bodies, form fields, multipart uploads, and HTTP headers bypass URL-level DLP entirely.
- March 5, 2026
Guardrails deleted, now what?
OBLITERATUS and similar tools remove safety guardrails from open-weight models using weight ablation. When the model won't refuse, your only defense is the network layer.
- March 5, 2026
Your MCP server's tool descriptions are an attack surface
MCP tool descriptions go straight into your agent's context window. A malicious server hides instructions in them. Your agent reads them and obeys. Here's the attack, three variants, and what catches it at the network layer.
- March 3, 2026
CVE-2026-25253: WebSocket Hijacking in OpenClaw AI Agents
A CVSS 8.8 vulnerability in OpenClaw lets attackers hijack agent sessions via cross-site WebSocket. The attack chain, what each step does, and how to add defense-in-depth.
- March 3, 2026
Your AI agent leaks API keys through DNS queries
Most DLP tools scan HTTP bodies. Your secrets leak before that, in the DNS lookup. Here's the attack, the proof, and why scan ordering matters.
- February 24, 2026
Every protocol your agent speaks, scanned
AI agents talk over HTTP, MCP, and WebSocket. Each protocol has its own attack surface. Here's what can go wrong on each one.
- February 22, 2026
Your Agent Just Leaked Your AWS Keys: The Attack and Fix
A prompt injection tells your coding agent to exfiltrate credentials via HTTP. No malware. Here's the attack, the output, and the config that stops it.
- February 21, 2026
What is an agent firewall?
AI agents make HTTP requests, call tools, and handle credentials. An agent firewall scans traffic in both directions before anything gets through.
- February 14, 2026
EU AI Act Runtime Security: What You Need Before August
The EU AI Act's high-risk requirements take effect August 2, 2026. The compliance standard won't land until Q4. Here's what to build now if you're running AI agents.
- February 13, 2026
First AI Agent Espionage Campaign
Anthropic disclosed GTG-1002, the first AI agent espionage campaign. A state actor jailbroke Claude Code for autonomous hacking. What happened and which defenses work.
- February 11, 2026
What's next for Pipelock: the v0.2 roadmap
GitHub Actions, MCP input scanning, smart DLP, and what Pipelock Pro will look like.
- February 10, 2026
Claude Code Security: Risks and How to Fix Them
Claude Code has shell access, API keys, and MCP servers feeding directly into its context window. Here's what can go wrong and how to lock it down.
- February 9, 2026
283 ClawHub Skills Are Leaking Your Secrets
Snyk found 283 ClawHub skills leaking API keys through the LLM context window. Static scanning can't catch runtime exfiltration. Here's what can.
- February 8, 2026
Lateral movement in multi-agent LLM systems
When one compromised agent can pivot to others through shared context, MCP servers, or tool delegation, a single injection compromises the entire mesh.