Appsec adventures

The post describes how the author examined real-world deployments of Clawdbot , an open-source AI agent that connects large language models to messaging platforms and can execute tools for users. He found hundreds of publicly exposed control interfaces that give attackers easy access to credentials, conversation histories, and command execution on behalf of the owner. Because many deployments were misconfigured or left with development defaults, they exposed API keys, bot tokens, OAuth secrets, and even root access. The article uses this “butler gone rogue” metaphor to highlight the security trade-offs of autonomous agents and stresses the need for better defaults, hardened configurations, and careful consideration of the risks posed by pervasive, autonomous AI infrastructure.  https://www.linkedin.com/pulse/hacking-clawdbot-eating-lobster-souls-jamieson-o-reilly-whhlc/

Vercel announced that it has added automatic patching for the React2Shell vulnerability across its platform. This means Vercel will now detect projects affected by this security issue and apply patches without requiring manual steps from developers. The update improves security by reducing the window of exposure and lowering the operational burden on teams who might otherwise have to identify vulnerable dependencies and fix them manually. This automated capability helps ensure that applications deployed on Vercel remain protected against the specific React2Shell risk with minimal intervention from developers. https://vercel.com/changelog/automated-react2shell-vulnerability-patching-is-now-available

The article explains that public container registries pose significant security risks because anyone can publish images there, including potentially malicious actors. Threats include images with embedded malware, cryptojacking tools, backdoors, or names mimicking legitimate images to trick users. The piece highlights how attackers can exploit weak naming conventions, typosquatting, and unattended or abandoned images to get users to pull harmful content. It discusses credential leakage when images are built with secrets, lack of image provenance and trust metadata, and insufficient scanning for known vulnerabilities. The article recommends mitigating these risks by using signed and provenance-verified images, enforcing registry access controls, scanning images for malware and vulnerabilities before deployment, establishing internal trusted registries or mirrors, and implementing supply chain security practices so that only vetted and traceable images are used in production.  https:/...

The article explains why signing software artifacts matters for trust, security, and regulatory requirements. It shows how cryptographic signatures prove who built a release and ensure that its contents haven’t been tampered with, making supply chain attacks and unauthorized modifications easier to detect. It discusses common signing technologies like GPG and X.509 certificates, how they integrate with build systems and package ecosystems, and why reproducible builds are important to validate signatures. The article also covers practical best practices such as managing signing keys securely, automating signing in CI/CD pipelines, and validating signatures when consuming artifacts to improve quality assurance and meet compliance obligations.  https://www.endorlabs.com/learn/signing-your-artifacts-for-security-quality-and-compliance

The article explains that workflows and actions used in GitHub Actions aren’t just configuration files but can introduce real dependencies and risks because they execute code from potentially external sources. It shows how actions from the marketplace, public repositories, or even referenced by git URLs and tags can change and pull in updated code, making them difficult to control. The piece walks through examples of how an attacker could compromise an action or influence workflow behavior and recommends treating actions like code dependencies: use pinned versions, review code before using it, host trusted actions internally, and monitor for changes. It stresses that without careful management, Actions can create supply-chain security problems just like libraries or packages.  https://www.endorlabs.com/learn/surprise-your-github-actions-are-dependencies-too

The article argues that AI compliance cannot be handled with spreadsheets or traditional GRC tools because AI systems generate high-volume, dynamic interactions through APIs and prompts. Effective AI compliance tools must monitor AI usage in real time, especially at the API layer, capture prompt and response context, and automatically map activity to recognized frameworks like OWASP LLM Top 10 and MITRE ATLAS. The focus shifts from documenting intent and policies to observing actual AI behavior, producing continuous evidence, detecting violations early, and supporting audits through automated, operational visibility.  https://securityboulevard.com/2026/01/ai-compliance-tools-what-to-look-for-firetail-blog/