AI SECURITY BRIEF

Understand one real AI security risk every week

A weekly brief on prompt injection, agent tool abuse, public exposure, and release risk: how the attack works, where it reaches, and what should stop it.

For teams building LLM, Agent, RAG, and automation systems in production.

Prompt Injection | Tool Abuse | Public Exposure | Release Control

THIS WEEK

Three AI security signals this week

Each signal answers three questions: what the attack path is, where the exposure lives, and how to handle it.

01

PROMPT INJECTION

Latest brief

Prompt injection moved downstream

Retrieval, orchestration, and hidden instructions are the new weak point.

02

TOOL ABUSE

Operator note

Runtime permission is the blast radius

Fetch, shell, subprocess, and connectors decide how far a prompt can go.

03

PUBLIC EXPOSURE

Proof layer

Exposure turns theory into incident

OpenClaw shows which endpoints, docs, and agent interfaces are reachable now.


THREAT SURFACE

What AIPwn tracks

The surfaces where AI risk becomes reachable.

CURRENT TRACKING

01 Input path

Prompt Injection

Instruction override, hidden tool calls, indirect poisoning, and retrieval chains.

02 Runtime

Tool Abuse

Shell execution, downloader chains, connector misuse, and runtime permissions.

03 Secrets

Secret Exposure

Leaked API keys, unsafe logs, public config artifacts, and long-lived credentials.

04 Exposure

Public Surface

Open docs, unauthenticated endpoints, and exposed agent interfaces.

PROOF LAYER

Risk needs verifiable evidence

OpenClaw turns public exposure into a trackable board: target, issue, risk level, and current status.

  • Make exposure visible.
  • Track docs, endpoints, auth, and runtime behavior.
  • Reuse the same evidence in policy and gates.

OPENCLAW PREVIEW

Recent exposed surfaces

Target                 Risk    Issue                   Status
api.assistant-demo.ai  High    Public docs + no auth   Public
tools.ops-agent.dev    High    Shell-capable runtime   Review
rag-preview.example    Medium  Prompt injection path   Tracked
share.agent-lab.run    Medium  Leaked token artifact   Restricted

INFRASTRUCTURE

From brief to gates

The same evidence powers scanning, policy, and release control.

01

NEWSLETTER

AIPwn Newsletter

Weekly research on AI exploit paths, exposed surfaces, and ship risk.

Weekly
02

CONTROL PLANE

ClawPlane

Policy, scanning, and release decisions for AI systems.

Alpha
03

SCANNER

ClawScan

Evidence-first scanning across repos, prompts, connectors, and surfaces.

Research-driven
04

GATE

ClawGate

Release gates for risky AI changes.

Alpha
05

VERIFY

AIPwn Verify

Detect AI-generated content across image, text, audio, and video.

Live

SUBSCRIBE

Read the attack path before it spreads

A weekly AI security brief for engineers, security researchers, and product leaders. High-signal research only.