Oktsec
@oktsec
3.5K posts

See everything your AI agents execute. Real-time monitoring for every tool call. One command to start. https://t.co/soCfqrQBxz
See everything your AI agents execute. Real-time monitoring for every tool call. One command to start. https://t.co/soCfqrQBxz

Cloud. Joined February 2020
131 Following, 199 Followers
Oktsec retweeted
Gus @gus_aragon
Bounty hunting is 20% coding, 80% overhead. The fix is usually trivial. The real time sink is understanding the codebase, navigating someone else’s tech debt, setting up the environment, dealing with contribution rules, formatting the PR and handling access restrictions.
Oktsec retweeted
Gus @gus_aragon
litellm was compromised on PyPI. 97 million monthly downloads. .pth file executes on every Python startup. Exfiltrates SSH keys, cloud creds, K8s secrets. Encrypts with RSA. Creates privileged pods across your cluster. Installs systemd persistence. MCP clients like Cursor auto-download deps via uvx without version pins. That's how the discoverer got hit.

Find out if you're compromised in 60 seconds with Aguara:
brew install garagon/tap/aguara
aguara check
aguara clean

Scans Python environments + uv/pip/npx caches. Shows what it found, asks confirmation, quarantines for forensics.

Prevent on MCP servers:
aguara scan /path/to/server/ --severity high

github.com/garagon/aguara
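One way to check the .pth mechanism the post describes, as an added example that is neither the post's own code nor part of Aguara: it lists the .pth files in site-packages whose lines CPython would exec at interpreter startup (any line beginning with `import ` or `import<tab>`), so a responder can review them. It assumes standard CPython site.py handling; legitimate packages also ship such lines, so a hit is a review item, not proof of compromise.

```python
# Added example (not from the original post, not part of Aguara): list .pth files
# in site-packages whose lines CPython executes at startup. site.py treats a line
# beginning with "import " or "import\t" as code and exec()s it; every other
# non-blank, non-comment line is just a path appended to sys.path.
import os
import re
import site
import tempfile

IMPORT_LINE = re.compile(r"^import[ \t]")  # site.py checks the raw line prefix, no lstrip

def pth_exec_lines(text):
    """Return (line_no, line) for each line a .pth file would exec on interpreter start."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        if IMPORT_LINE.match(line):
            hits.append((n, line))
    return hits

def scan_site_dirs(dirs):
    """Map path -> exec lines for every .pth under the given directories that runs code."""
    findings = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                path = os.path.join(d, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = pth_exec_lines(fh.read())
                if hits:
                    findings[path] = hits  # review item: some legitimate packages do this too
    return findings

def demo():
    """Constructed sample: one benign path-only .pth and one that executes code."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "benign.pth"), "w") as fh:
        fh.write("# editable install\n/opt/example/src\n")
    with open(os.path.join(d, "suspect.pth"), "w") as fh:
        fh.write("import os; os.environ['CONSTRUCTED_MARKER'] = '1'\n/opt/example/lib\n")
    return scan_site_dirs([d])

if __name__ == "__main__":
    dirs = site.getsitepackages() + [site.getusersitepackages()]
    print(scan_site_dirs(dirs) or "no executing .pth files found")
```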
Oktsec @oktsec
You have MCP servers running. Claude Desktop, Cursor, VS Code, maybe a custom one. Every tool call your agent makes goes straight to the server. No scanning, no access control, no logs. Here is how to put a security layer in front of all of them. dev.to/0x711/secure-y…
Oktsec @oktsec
Oktsec already integrates with OpenClaw. 230 detection rules scan every tool call before execution, per-agent tool policies control what each claw can access, and a tamper-evident audit trail logs everything. Works with NemoClaw via Docker Sandbox network proxy.
NVIDIA AI Developer @NVIDIAAIDev

🦞 Ready to deploy @OpenClaw? Our just released NVIDIA NemoClaw simplifies running OpenClaw always-on assistants more safely with a single command. ✅ Deploy claws more safely ✅ Run any coding agent ✅ Deploy anywhere Try with a free NVIDIA Brev Launchable: 🔗 nvda.ws/3NmMaK1

Oktsec retweeted
Gus @gus_aragon
@garrytan Thanks @garrytan! Applied for the YC Summer 2026 batch, building @oktsec around agent security. Hoping to talk more about where this is all heading. oktsec.com
Oktsec retweeted
Oktsec @oktsec
272,000 attacks against 13 frontier AI models. Every one broken. Gray Swan AI ran this with @OpenAI, @AnthropicAI, @Meta, and @NIST. The part that matters: attacks only counted if the agent executed the harmful action AND hid it from the user. Clean response, no alert, damage already done. 5 universal attack templates transfer across 9 models. This is not a model bug. It is structural. The paper's conclusion: "system-level and architectural defenses beyond model-level robustness training alone." oktsec.com/blog/ipi-arena…
Oktsec @oktsec
Oktsec v0.10.0 is out. Delegation chains, LLM escalation, scan profiles, ephemeral keys, CLI hooks. From 85 rules to 188. From MCP-only to full AI agent visibility. oktsec.com/blog/v0-10-0-d…
Oktsec @oktsec
Gambit Security published a case where an attacker used Claude (Anthropic's model) against Mexican government infrastructure. The prompts were all in Spanish, directing the model to do recon, find weaknesses, and write exfil scripts. The attacker basically used an LLM as a junior pentester. Find the vuln, write the exploit, automate the data grab. The barrier to pulling off something like this has collapsed. Real question for AI companies: are the guardrails actually working? Because this attacker apparently got enough output to compromise government systems. That should bother everyone building these models. Governments that haven't war-gamed AI-assisted attacks against their infrastructure are behind. Red teams need AI-offensive scenarios in their playbooks now, not next quarter.
Oktsec @oktsec
Threat actors contact employees directly through Microsoft Teams. They pretend to be IT support or a vendor. Target sectors are finance and healthcare. The play is simple. Talk the victim into opening Quick Assist (built into Windows, Microsoft-signed) to "fix an issue." Once in, they deploy A0Backdoor. Full C2. Persistence, data theft, lateral movement. And because Quick Assist is a legit signed binary, a lot of security tools just wave it through. Fix: restrict Quick Assist via GPO. Lock down external access in Teams. Train your people (yes, again) that IT will never cold-call them on Teams asking for remote access. Monitor for unexpected remote assistance tool execution.
Oktsec @oktsec
New phishing campaign via Microsoft Teams: attackers target finance and healthcare employees, use Quick Assist for remote access, then deploy the new A0Backdoor malware. Your corporate chat is an attack vector. An active campaign has been detected where attackers directly contact employees in the financial and healthcare sectors through Microsoft Teams, impersonating IT support or vendors. The attack is clever: they convince the victim to use Quick Assist (a legitimate Windows remote assistance tool) to "fix an issue." Once they have access, they deploy A0Backdoor, a new malware with full C2 capabilities. A0Backdoor enables persistence, data exfiltration, and lateral movement. By using legitimate tools like Quick Assist, it evades many security solutions that trust Microsoft-signed binaries. Protect your organization: Restrict Quick Assist via GPO. Train employees on social engineering through Teams. Implement external access policies in Teams. Monitor execution of remote access tools. #Phishing #MicrosoftTeams #Malware
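One way to implement the "monitor for unexpected remote assistance tool execution" advice from both Teams/Quick Assist posts above, as an added example that is not the posts' own code: a baseline rule run over constructed process-creation records that alerts on QuickAssist or msra launches by non-helpdesk users or from unexpected parent processes, and attaches the processes that started on the same host in the following window for triage. The helpdesk allow-list, hostnames and usernames are assumptions.

```python
# Added example (not from the original posts): flag unexpected remote-assistance tool
# launches in process-creation logs and collect what ran on that host next. The log
# lines are constructed Sysmon-style JSON records; the helpdesk allow-list, hosts and
# usernames are placeholders for a real environment.
import json
from datetime import datetime, timedelta

REMOTE_TOOLS = {"quickassist.exe", "msra.exe"}  # Microsoft-signed, so often trusted by EDR
HELPDESK_USERS = {"corp\\helpdesk01", "corp\\helpdesk02"}  # placeholder allow-list
EXPECTED_PARENTS = {"explorer.exe", "startmenuexperiencehost.exe"}  # launched via the shell

SAMPLE_LOG = r"""
{"ts":"2024-05-02T09:14:03Z","host":"FIN-WS-17","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\quickassist.exe","parent":"C:\\Windows\\explorer.exe"}
{"ts":"2024-05-02T09:20:11Z","host":"FIN-WS-17","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\cmd.exe","parent":"C:\\Windows\\explorer.exe"}
{"ts":"2024-05-02T10:02:40Z","host":"IT-WS-03","user":"CORP\\helpdesk01","image":"C:\\Windows\\System32\\quickassist.exe","parent":"C:\\Windows\\explorer.exe"}
{"ts":"2024-05-02T10:30:00Z","host":"HR-WS-09","user":"CORP\\asmith","image":"C:\\Windows\\System32\\msra.exe","parent":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}
"""

def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def when(event):
    return datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))

def detect(events, window_minutes=30):
    """One alert per remote-assistance launch outside the baseline, plus follow-on processes."""
    events = sorted(events, key=when)
    alerts = []
    for i, e in enumerate(events):
        if basename(e["image"]) not in REMOTE_TOOLS:
            continue
        reasons = []
        if e["user"].lower() not in HELPDESK_USERS:
            reasons.append("user not in helpdesk allow-list")
        if basename(e["parent"]) not in EXPECTED_PARENTS:
            reasons.append("unexpected parent process")
        if not reasons:
            continue  # helpdesk user, started from the shell: matches baseline
        limit = when(e) + timedelta(minutes=window_minutes)
        followups = [basename(f["image"]) for f in events[i + 1:]
                     if f["host"] == e["host"] and when(f) <= limit]
        alerts.append({"host": e["host"], "user": e["user"], "tool": basename(e["image"]),
                       "reasons": reasons, "followups": followups})
    return alerts

ALERTS = detect(parse_events(SAMPLE_LOG))  # two alerts: FIN-WS-17 and HR-WS-09
```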
Oktsec @oktsec
While protocol-level patches are being developed, recommendations: Use a VPN on Wi-Fi networks. Implement 802.1X with certificates. Monitor for ARP/DHCP anomalies. Consider wireless network segmentation.
Oktsec @oktsec
The severity: it affects home networks (WPA2/WPA3), office, and enterprise environments. The attack is transparent to users and conventional monitoring tools. Even WPA3 encryption doesn't fully protect against it.
Oktsec @oktsec
New Wi-Fi attack "AirSnitch" presented at NDSS: cross-layer identity desynchronization enables full bidirectional MitM on home, office, and enterprise networks. No one is safe. #AirSnitch #WiFiSecurity #MitM #NDSS2026