Terrific roundup on the OpenClaw security issues. The VirusTotal finding of 3,016 skills with hundreds showing malicious characteristics is kinda wild when you think about how fast this ecosystem emerged. Reminds me of early npm days where supply chain attacks weren't really on anyone's radar. One thing worth noting is that the CLI vs web server distinction for OpenClaw deployment creates totally different attack surfaces for defenders to monitor.
We had a hard time with the Pyramid of Pain too. We found in the Summiting the Pyramid work we did that the lower levels mostly collapsed into similar amounts of "pain" for the adversary.
"Instance" is interesting. I like the additional details, which would be really helpful, but with the caveat that we don't want to get so specific that we recreate signature-based detections just with different observables.
When malware moves from cryptominer scams to infostealers, it means the attack surface is legit.
We are excited to push more research at Brane Labs towards observability of the memory layer in agentic AI.
Excited to talk to you all, and in case you have some opinions or feedback on how the future of the agentic-human interface looks, let's talk!