- March 3, 2026
Your AI agent leaks API keys through DNS queries
Most DLP tools scan HTTP bodies. Your secrets leak before that, in the DNS lookup. Here's the attack, the proof, and why scan ordering matters.
- February 22, 2026
Your Agent Just Leaked Your AWS Keys: The Attack and Fix
A prompt injection tells your coding agent to exfiltrate credentials via HTTP. No malware. Here's the attack, the output, and the config that stops it.
- February 9, 2026
283 ClawHub Skills Are Leaking Your Secrets
Snyk found 283 ClawHub skills leaking API keys through the LLM context window. Static scanning can't catch runtime exfiltration. Here's what can.