NewsSOUL.md Memory Poisoning: Persistent Agent Compromise via ConfigurationInvariant Labs·high signalNew attack vector: malicious repos plant hidden instructions in SOUL.md/CLAUDE.md files that persist across sessions.SourceSource pageInvariant Labs↳ Follow the threadStack layer / Threat patternOpen-Source Multi-Agent Firewall Intercepts Both HTTP(S) and WebSocket LLM TrafficarXivStack layer / Threat patternAirflowAttack Fools Infrared Remote-Sensing VLMs With Physical PerturbationsarXivPolicy dependency / Threat patternPrismata Confines Cross-Site Prompt Injection by Treating Web Agents Like an XSS ProblemarXivPolicy dependency / Stack layerStrict data-flow tracking is the only defense that zeroes out ADI — spend its utility cost only on code execution and moneyarXiv 2607.05120Stack layer / Update threadClaude Code v2.1.203 and v2.1.204 Add Login-Expiry Warnings and Fix Headless Hook StreamingClaude Code DocsPolicy dependency / Stack layerPattern: Safety Rails Are Migrating From the Prompt Into the Harness's Auto ModeClaude Code ChangelogPolicy dependency / Stack layerLeanCTX Ships a Rust Binary That Decides What Your Agent Is Allowed to ReadGitHubPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPS