Subscribe

AI SECURITY BRIEF

AI Security Brief

Weekly research on exploit paths, exposed surfaces, and what stops risky AI from shipping.

Read by AI teams at companies building real systems.

Prompt InjectionTool AbusePublic ExposureRelease Control
Subscribe freeOpen Watchboard
01Exploit Paths

how the break works

02Exposed Surfaces

what is reachable now

03Ship Risk

what should stop release

THIS WEEK

Signals worth reading

Real attack paths. No fluff. Actionable in 5 minutes.

01

PROMPT INJECTION

Latest brief

Prompt injection moved downstream

Retrieval, orchestration, and hidden instructions are the new weak point.

Read full brief
02

TOOL ABUSE

Operator note

Runtime permission is the blast radius

Fetch, shell, subprocess, and connectors decide how far a prompt can go.

Browse archive
03

PUBLIC EXPOSURE

Proof layer

Exposure turns theory into incident

OpenClaw shows which endpoints, docs, and agent interfaces are reachable now.

Open watchboard

THREAT SURFACE

What AIPwn tracks

The surfaces where AI risk becomes reachable.

CURRENT TRACKING

01Input path

Prompt Injection

Instruction override, hidden tool calls, indirect poisoning, and retrieval chains.

02Runtime

Tool Abuse

Shell execution, downloader chains, connector misuse, and runtime permissions.

03Secrets

Secret Exposure

Leaked API keys, unsafe logs, public config artifacts, and long-lived credentials.

04Exposure

Public Surface

Open docs, unauthenticated endpoints, and exposed agent interfaces.

PROOF LAYER

Proof beats slides

OpenClaw turns findings into a live board: target, issue, status.

  • Make exposure visible.
  • Track docs, endpoints, auth, and runtime behavior.
  • Reuse the same evidence in policy and gates.
Open WatchboardRead Newsletter
OPENCLAW PREVIEWRecent exposed surfaces
TargetRiskIssueStatus
api.assistant-demo.aiHighPublic docs + no authPublic
tools.ops-agent.devHighShell-capable runtimeReview
rag-preview.exampleMediumPrompt injection pathTracked
share.agent-lab.runMediumLeaked token artifactRestricted

INFRASTRUCTURE

From brief to gates

The same evidence powers scanning, policy, and release control.

01

NEWSLETTER

AIPwn Newsletter

Weekly research on AI exploit paths, exposed surfaces, and ship risk.

Weekly
Subscribe
02

CONTROL PLANE

ClawPlane

Policy, scanning, and release decisions for AI systems.

Alpha
Control Plane
03

SCANNER

ClawScan

Evidence-first scanning across repos, prompts, connectors, and surfaces.

Research-fed
Surfaced Targets
04

GATE

ClawGate

Release gates for risky AI changes.

Alpha
Release Gates
05

VERIFY

AIPwn Verify

Detect AI-generated content across image, text, audio, and video.

Live
AI Detector

SUBSCRIBE

Read the signal before it spreads

Join 5,000+ AI engineers, security researchers, and product leaders. Weekly, never spam.

Subscribe freeWatchboard