prompt-injection
5 articles
The 2026 OpenClaw Triple Breach: Freedom Isn't Free
In early 2026, OpenClaw got hit three times: 20,000+ gateways exposed to the internet, 20% of marketplace skills were trojans, and link previews became exfiltration vectors. Attackers had a smooth ride until they hit a closed door — and 'proper configuration' suddenly mattered. Self-hosting freedom comes with self-hosting responsibility.
The Memory Heist — Stealing Everything Claude Remembers with Alphabet Links
A security researcher demonstrates a stealthy data exfiltration technique: turning hyperlinks into a keyboard so Claude "types" out the user’s name, company, and hometown one character at a time—while the user sees nothing but a coffee shop menu.
Fable 5 Built a Whole Browser-Testing Toolchain Just to Fix Two Lines of CSS
Simon Willison gave Fable 5 a screenshot and one line: fix a stray scrollbar. Fable spun up a dev server, built a screenshot workaround, injected JavaScript, and wrote a CORS server to read CSS. Two CSS lines, $12, and an unsandboxed-agent warning.
Every Agent Needs a Bouncer: Brex Open-Sources CrabTrap, an LLM-Judge HTTP Proxy for Production Agents
Brex open-sourced CrabTrap, an HTTP proxy for agent requests. Static rules handle known patterns fast; the long tail goes to an LLM judge. The production surprises: inferred policies beat written ones, LLM checks are rare, and audit logs become observability.
Reverse-Engineering Codex: Cracking Open the Context Compaction API with Prompt Injection
Developer Kangwook Lee used just 2 API calls and 35 lines of Python to crack open Codex's hidden context compaction API via prompt injection — revealing the secret system prompts behind the encryption.