AI SECURITY BRIEF

AI Security Brief

Exploit paths, exposed surfaces, and ship risk for teams building AI.

Read it weekly. Act before the pattern spreads.

Prompt Injection · Tool Abuse · Public Exposure · Release Control

01 Exploit Paths

how the break works

02 Exposed Surfaces

what is reachable now

03 Ship Risk

what should stop release

THIS WEEK

Signals worth reading

Short notes. Real attack paths. No security theater.

01

PROMPT INJECTION

Latest brief

Prompt injection moved downstream

The weak point is often retrieval, orchestration, or hidden instructions.

02

TOOL ABUSE

Operator note

Runtime permission is the blast radius

Fetch, shell, subprocess, and connectors decide how far a prompt can go.

03

PUBLIC EXPOSURE

Proof layer

Exposure turns theory into incident

OpenClaw shows which endpoints, docs, and agent interfaces are reachable now.


THREAT SURFACE

What AIPwn tracks

The surfaces where AI risk becomes reachable.

CURRENT TRACKING

01 Input path

Prompt Injection

Instruction override, hidden tool calls, indirect poisoning, and retrieval chains.

02 Runtime

Tool Abuse

Shell execution, downloader chains, connector misuse, and runtime permissions.

03 Secrets

Secret Exposure

Leaked API keys, unsafe logs, public config artifacts, and long-lived credentials.

04 Exposure

Public Surface

Open docs, unauthenticated endpoints, and exposed agent interfaces.

PROOF LAYER

Proof beats slides

OpenClaw turns findings into a live board: target, issue, status.

  • Make exposure visible.
  • Track docs, endpoints, auth, and runtime behavior.
  • Reuse the same evidence in policy and gates.

OPENCLAW PREVIEW

Recent exposed surfaces

Target                  Risk     Issue                   Status
api.assistant-demo.ai   High     Public docs + no auth   Public
tools.ops-agent.dev     High     Shell-capable runtime   Review
rag-preview.example     Medium   Prompt injection path   Tracked
share.agent-lab.run     Medium   Leaked token artifact   Restricted

INFRASTRUCTURE

From brief to gates

The same evidence powers scanning, policy, and release control.

01

NEWSLETTER

AIPwn Newsletter

Weekly research on AI exploit paths, exposed surfaces, and ship risk.

Weekly
02

CONTROL PLANE

ClawPlane

Policy, scanning, and release decisions for AI systems.

Alpha
03

SCANNER

ClawScan

Evidence-first scanning across repos, prompts, connectors, and surfaces.

Research-fed
04

GATE

ClawGate

Release gates for risky AI changes.

Alpha

SUBSCRIBE

Read the signal before it spreads

Weekly AI security research for teams shipping real systems.