Pillar Security

62 posts

Pillar Security banner
Pillar Security

Pillar Security

@Pillar_sec

Pillar enables teams to rapidly adopt AI with minimal risk by providing a unified AI security layer across the organization.

Katılım Ağustos 2024
14 Takip Edilen160 Takipçiler
Sabitlenmiş Tweet
Pillar Security
Pillar Security@Pillar_sec·
🎉 𝗕𝗶𝗴 𝗻𝗲𝘄𝘀: 𝗣𝗶𝗹𝗹𝗮𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗻𝗮𝗺𝗲𝗱 𝗮 𝟮𝟬𝟮𝟲 𝗚𝗮𝗿𝘁𝗻𝗲𝗿® 𝗖𝗼𝗼𝗹 𝗩𝗲𝗻𝗱𝗼𝗿! Recognized for our RedGraph approach to offensive agentic AI testing, dynamic runtime guardrails, and the SAIL Framework. Securing AI agents takes offense and defense as one system, not a stack of point tools. Grateful to our customers and team for pushing us here. 🙏 📄 Full report: gartner.com/en/documents/8… ✍️ What makes us cool: pillar.security/blog/pillar-se…
Pillar Security tweet media
English
1
2
4
54
Pillar Security
Pillar Security@Pillar_sec·
🔭 Millions of stars still have no names. Pillar will help you name one for yourself, your team, or someone you love. Look up at the night sky and you can see around 6,000 stars. The Milky Way holds about 100 billion. Your AI footprint can feel the same way. Security teams usually know the approved tools. But shadow agents, MCP servers, embedded copilots, and agentic workflows often run far beyond the systems anyone has mapped. At Black Hat USA 2026, Pillar will help security teams see the AI activity hiding across their environment. ⭐ Name your star: pillar.security/black-hat-usa-… 🔭 Visit us at the Pillar booth # 5711 at Black Hat USA for a live demo, and you can also enter our telescope raffle. #BlackHat2026 #AISecurity #AgenticAISecurity #ShadowAI
Pillar Security tweet media
English
0
0
0
35
Pillar Security
Pillar Security@Pillar_sec·
𝗦𝗔𝗜𝗟 𝟮.𝟬 𝗶𝘀 𝗵𝗲𝗿𝗲 ⛵ Last year we released the SAIL Framework: a practical, process-oriented guide to securing AI systems across their lifecycle. The community made it real. 50,000+ downloads, and security teams turned it into working AI security roadmaps. SAIL 2.0 takes on the next phase of enterprise cybersecurity: securing the agentic workforce. Co-developed with practitioners, for practitioners. Free for the community. Use it to: ✅ Build an AI security roadmap and benchmark maturity, phase by phase ✅ Turn standards mappings into compliance checklists: EU AI Act, ISO, OWASP, DASF, AIUC-1 ✅ Run vendor assessments and RFPs with agentic-literate questions ✅ Give security, legal, compliance, and engineering one shared vocabulary Download SAIL 2.0, or use the SAIL Skill to turn the framework into a working roadmap: pillar.security/sail
English
0
4
5
87
Pillar Security retweetledi
Pillar Security
Pillar Security@Pillar_sec·
🎉 𝗕𝗶𝗴 𝗻𝗲𝘄𝘀: 𝗣𝗶𝗹𝗹𝗮𝗿 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗻𝗮𝗺𝗲𝗱 𝗮 𝟮𝟬𝟮𝟲 𝗚𝗮𝗿𝘁𝗻𝗲𝗿® 𝗖𝗼𝗼𝗹 𝗩𝗲𝗻𝗱𝗼𝗿! Recognized for our RedGraph approach to offensive agentic AI testing, dynamic runtime guardrails, and the SAIL Framework. Securing AI agents takes offense and defense as one system, not a stack of point tools. Grateful to our customers and team for pushing us here. 🙏 📄 Full report: gartner.com/en/documents/8… ✍️ What makes us cool: pillar.security/blog/pillar-se…
Pillar Security tweet media
English
1
2
4
54
Pillar Security
Pillar Security@Pillar_sec·
What if every level of a "Catch the Flag" challenge was a real vulnerability we found in production AI agents? That's AtlasOps: start as a no-privilege user chatting with an AI copilot, end as cluster admin. Cursor, Antigravity, Gemini CLI, n8n, Docker Ask Gordon. One killchain. Read how → pillar.security/blog/from-a-co…
Pillar Security tweet media
English
1
0
1
76
Pillar Security
Pillar Security@Pillar_sec·
Day 1 of our Atlas Ops CTF at #OWASP Global AppSec Vienna is done 🎉 Massive thanks to all the online and live event participants. Going from an AI coding assistant to a cluster admin is no joke. 👏 Special shout-out to Eugeniu David, who solved the ENTIRE challenge. Play it online → pillar-ctf.dev
Pillar Security tweet mediaPillar Security tweet media
English
0
0
1
63
Pillar Security
Pillar Security@Pillar_sec·
Join the Pillar Security Research Team in our new Catch the Flag competition! Your mission: escalate from AI assistant → cluster admin. 👉Join us live at OWASP Global AppSec Vienna on Thursday or Friday: 📍 OWASP Global AppSec Vienna 📍 Austria Center Vienna | Room -2.92, Level -2 🗓 Thursday, June 25 🕙 2:30pm - 4:30pm CEST 🗓 Friday, June 26 🕙 10:05am–12:05am CEST owaspglobalappseceuvienna20.sched.com/event/2L5QI/fr… 👉Not in Vienna? The CTF is open online: pillar-ctf.dev/sign_in #AISecurity #AppSec #CTF #Kubernetes
Pillar Security tweet media
English
0
1
1
48
Pillar Security
Pillar Security@Pillar_sec·
We’re thrilled to welcome Hava Katz as Pillar Security’s Director of Marketing! Hava will help us bring Pillar’s AI agent security platform to more security teams, AI adoption leaders, and companies accelerating agentic AI—so they can innovate with confidence. Welcome, Hava! @Hava_Katz
Pillar Security tweet media
English
0
2
3
101
Pillar Security
Pillar Security@Pillar_sec·
🚨 New research: My Agentic Trust Issues - From Prompt Injection to Supply-Chain Compromise on gemini-cli Our researcher Dan Lisichkin found a CVSS 10 vulnerability we’re calling TrustIssues in Google’s AI-powered GitHub workflows. The short version: with just a public GitHub issue, an external attacker could compromise @GeminiApp -cli — Google’s AI coding agent with 101,000+ stars - and push code to main. How it worked: 🎯 Open a public issue with hidden instructions 🤖 Wait for the Gemini triage agent to read it 🔐 Use the agent to leak workflow credentials 💥 Pivot to a token with write access and push to main We also found the same vulnerable workflow pattern across at least 8 other Google repos. @Google moved fast and patched it within 2 days. Big thanks to their team for the quick, professional response. Full writeup here: pillar.security/blog/my-agenti…
Pillar Security tweet media
English
0
1
2
153
Pillar Security
Pillar Security@Pillar_sec·
Our research team has tracked autonomous AI agents running end-to-end attack campaigns: probing CI/CD pipelines across Microsoft, DataDog, and Aqua Security, compromising tools like Trivy and KICS, and cascading stolen credentials through supply chains into LiteLLM, an open-source proxy present in 36% of AI cloud environments. All within weeks of a single initial probe. AI agents already hold permissions and move across systems as part of their daily work. Compromise one, and there's no "initial access" to detect. The agent was already inside. The question for security leaders changed from "how many people do we have" to "how many agents operate in our environment, and can we tell the difference between one doing its job and one someone weaponized." We call it the Agent Economy. We wrote about what it means for defenders: pillar.security/blog/the-agent…
Pillar Security tweet media
English
0
0
2
78
Pillar Security
Pillar Security@Pillar_sec·
Pillar's research team found a zero-click, unauthenticated RCE in @n8n_io (CVE-2026-27493, CVSS 9.5 Critical & CVE-2026-27577 CVSS 9.4 Critical). No account. No authentication. A browser and a contact form is all it takes to execute shell commands on the server and decrypt every credential stored in the platform. We scanned for publicly accessible n8n form endpoints and found over 50,000 potentially vulnerable forms exposed to the internet. We worked with the n8n team to fix it. If you're self-hosting, update to the latest version now. Read more: pillar.security/blog/zero-clic…
English
0
1
2
95
Pillar Security
Pillar Security@Pillar_sec·
🚨 Our research team uncovered a vulnerability in @antigravity IDE that bypasses Secure Mode and leads to full code execution. Antigravity's Secure Mode is the product's strictest security configuration. It restricts network access, prevents out-of-workspace writes, and sandboxes all command operations. But none of these controls stop this exploit. The attack works in two steps: Stage a malicious script via file creation (a permitted action). Trigger execution through a seemingly legitimate search. This also works via indirect prompt injection. A user pulls a source file from a public repository containing attacker-controlled comments that instruct the agent to execute the exploit. No account compromise needed. Read more: pillar.security/blog/prompt-in…
Pillar Security tweet media
English
0
1
2
89
Pillar Security
Pillar Security@Pillar_sec·
We exposed a Clawdbot (Moltbot) gateway honeypot. It got attacked within minutes. Clawdbot went viral as a self-hosted AI agent — thousands deployed it. We stood up a honeypot on port 18789 and captured live exploitation attempts. Attackers clearly understood the Clawdbot ecosystem: payloads mapped directly to real vulnerabilities in the code. A successful compromise can leak: - API keys (Anthropic/OpenAI) - Gateway credentials - Telegram/Discord/Slack tokens - Full conversation history (plaintext) Patches landed in January 2026, but attackers are probing multiple protocol versions to find unpatched instances. Takeaway: If you deploy fast-moving AI projects (especially open source), you need to patch just as fast. Security advisories aren’t optional — they’re the cost of being early. Read the full analysis: pillar.security/blog/caught-in…
English
0
1
1
74
Pillar Security retweetledi
SC Media
SC Media@SCMagazine·
Cursor IDE bug (CVE-2026-22708) let indirect prompt injection trigger stealthy RCE via trusted zsh built-ins — no alerts, even with empty allowlists — according to @Pillar_sec research. Patch now; sandbox agent shells. #cybersecurity #infosec #infosec bit.ly/4qpxBnd
English
0
2
3
428
Pillar Security
Pillar Security@Pillar_sec·
🚨 New Research: Operation Bizarre Bazaar - First Attributed LLMjacking Campaign with Commercial Marketplace Monetization Between December 2025 and January 2026, Pillar Security Research deployed a honeypot mimicking exposed AI infrastructure. Over 40 days, we captured 35,000 attack sessions from three coordinated threat actors. The finding, led by Eilon Cohen and Ariel Fogel marks the first public documentation of a named, attributed, and monetized campaign targeting exposed LLM and AI endpoints at scale. The threat is active and ongoing. Transparency is key to defense, which is why we are releasing our full research findings. Read the overview blog: pillar.security/blog/operation… Read the full analysis, including IOCs: pillar.security/resources/oper…
Pillar Security tweet media
English
2
1
3
120