Agents
Adversa AI April 2026 Roundup: OpenClaw Localhost Hijack, SlowMist Agent-Facing Defense, and STSS Attestation
Adversa AI's April 2026 agentic security roundup documents several new threat vectors: a serious OpenClaw local WebSocket gateway vulnerability allowing malicious websites to hijack developer agents without interaction by exploiting implicit localhost trust, four CrewAI CVEs chaining prompt injection to RCE, and the Chrome Gemini Live panel hijack (CVE-2026-0628). On the defense side, SlowMist's agent-facing security paradigm and STSS's cryptographic skill attestation represent the first tools designed to be consumed directly by agents, not just human operators.
Source
↳ Follow the thread