Autonomous AI Agents Provide New Class of Supply Chain Attack
While this campaign targets crypto wallets and steals money, the methodology has far wider potential that could be used by other attackers. The post Autonomous AI Agents Provide New Class of Supply Chain Attack appeared first on SecurityWeek.
Found in Clawhub, promoted on Moltbook, Bob-ptp is an ongoing active agent-based crypto scam.
It’s ironic that new technology often defies the fundamental security rule of zero trust – but that’s the basis of agentic AI. AI agents are often trusted with freedom to roam and act without adequate verification.
Straiker, a firm that focuses on the security of AI applications and agents, has analyzed the 3,505 Claude Skills available on Clawhub. Clawhub is a primary marketplace for ‘skills’, which are essentially AI plugins. Claude describes Skills as “modular capabilities that extend Claude’s functionality [and] that Claude uses automatically when relevant.”
Source: https://www.securityweek.com/autonomous-ai-agents-provide-new-class-of-supply-chain-attack/
Related breach coverage
- ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks2026-04-15
Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments. The post ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks appeared first on SecurityWeek.
- North Korean Hackers Target High-Profile Node.js Maintainers2026-04-06
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
- Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist2025-12-31
The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.
- Axios NPM Package Breached in North Korean Supply Chain Attack2026-04-01
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.