Blog
Security insights, product updates, and AI agent protection guides.
Your AI Agent’s Skill Marketplace Is Now a Supply Chain
Third-party AI-agent skills are becoming the new plugin economy: easy to install, powerful by design, and dangerously close to credentials, files, shell commands, and long-term memory. Scanner verdicts help, but they are not a trust boundary.
Read articleWhen AI Agents Enter CI/CD, Prompt Injection Becomes a Secrets Problem
Microsoft Threat Intelligence disclosed a prompt injection pathway in the Claude Code GitHub Action that could reach workflow secrets under specific conditions. Once an agent reads untrusted content and runs near credentials, prompt injection stops being a chat problem and becomes an infrastructure security boundary.
When Old Dependencies Become New Backdoors: Lessons from the Laravel Lang Supply Chain Attack
Socket Security reported 700+ historical versions of Laravel Lang packages poisoned with an RCE backdoor and a credential harvester. Pinned lockfiles, cached CI artifacts, and old Docker images are all in scope — and AI coding agents make the blast radius worse.
Proactive Recall: Why AI Agents Should Remember Before They Reply
Most AI agents only search memory after they fail. Proactive Recall changes that by injecting relevant memory before the model responds, reducing repeated mistakes and making persistent memory actually useful.
Introducing Cortex — Your Agent Learns From Its Mistakes
AI agents repeat the same mistakes because they don't learn between sessions. Cortex captures what went wrong, runs pre-flight checks before tasks, and graduates rules once mastered. ShieldCortex is now the only agent security tool that makes your agent smarter over time.
NVIDIA Chose OpenClaw. Here's How We Secure It.
NVIDIA released NemoClaw — OS-level sandboxing built on OpenClaw. They called it 'the operating system for personal AI.' Here's what NemoClaw does, what it doesn't, and where ShieldCortex fills the gap.
Why Runtime Security Isn't Enough — The Case for Memory Integrity
IronClaw secures the runtime. But what secures the memory? Even the most locked-down agent sandbox can't protect against poisoned persistent memory. Here's why you need both runtime security and memory integrity.
Introducing Iron Dome — Behaviour Protection for AI Agents
Your defence pipeline stops poisoned inputs. Iron Dome stops poisoned outputs. Control what your AI agent can do — not just what it remembers.
ShieldCortex Now Speaks Python — Protect AI Memory from CrewAI, LangChain, and Beyond
The official Python SDK is live on PyPI. Scan AI agent memory for prompt injection and credential leaks — with built-in CrewAI and LangChain integrations.
Real-time LLM Scanning for OpenClaw — Defence at the Pipeline Level
The new ShieldCortex plugin for OpenClaw scans every LLM input for threats and auto-extracts memories from outputs. Fire-and-forget — never blocks your agent.
MCP Security: What Claude Code Users Need to Know
The Model Context Protocol is powerful, but MCP servers have direct access to your system. Here's how to protect yourself.
The 5 Ways Hackers Can Poison Your AI Agent's Memory
AI agents with persistent memory are vulnerable to a new class of attacks. Here are the 5 techniques attackers use — direct injection, encoded payloads, fragmentation, context manipulation, and trust escalation.
Introducing ShieldCortex: The Security Layer Your AI Agent is Missing
AI agents are everywhere. They're writing code, managing infrastructure, processing emails. And increasingly, they have persistent memory. This is powerful. It's also dangerous.