Skills
OWASP Publishes First GenAI Exploit Round-up Report Q1 2026: Systematic Catalog of Real-World AI Agent Attacks, ClawHub Registry Poisoned at Scale
OWASP's Q1 2026 GenAI Exploit Round-up documents the transition from theoretical AI risks to real-world exploitation. Key finding: the ClawHub registry (primary OpenClaw skills marketplace) became the first AI agent registry poisoned at scale — five of the top seven most-downloaded skills were confirmed malware at peak infection. The report maps incidents to both the OWASP Top 10 for LLM Applications and the new OWASP Top 10 for Agentic Applications. A notable gap: most AI security events lack CVE identifiers, creating a blind spot for traditional vulnerability management.
↳ Follow the thread