CSOonline

What CISOs need to know about the OpenClaw security nightmare

Clawdbot, I mean, Moltbot, I mean, OpenClaw may be an immediate cybersecurity nightmare for enterprises, so here are its dangers and what to consider to prevent inadvertent access to company’s data or ...
thecyberexpress

AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.
Infosecurity-magazine.com

Vibe-Coded Moltbook Exposes User Data, API Keys and More

A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was ...
VentureBeat

OpenClaw proves agentic AI works. It also proves your security model doesn't. 180,000 developers just made that your problem.

OpenClaw, the open-source AI assistant formerly known as Clawdbot and then Moltbot, crossed 180,000 GitHub stars and drew 2 million visitors in a single week, according to creator Peter Steinberger.
cryptopolitan

10,000 users’ OpenAI API keys have found stolen by fake Chrome AI extension

A Chrome extension posing as an AI assistant exposed more than 10,000 users, secretly harvesting OpenAI API keys and sending data to attacker-controlled servers. Researchers say at least 459 API keys ...
iapp.org

Who holds the keys? Navigating legal and privacy governance in third-party AI API access

In today's rapidly evolving artificial intelligence environment, organizations are increasingly relying on third-party application programming interfaces from platforms like OpenAI, Google and Amazon ...
CNBC

OpenAI to focus on 'practical adoption' in 2026, says finance chief Sarah Friar

OpenAI will make 2026 its year of "practical adoption," the artificial intelligence startup's finance chief said in a blog Sunday. The startup's compute grew from 0.2 GW in 2023 to about 1.9 GW in ...
bitnewsbot

Chrome extension steals MEXC API keys, enables theft online.

On Jan. 13, 2026, researchers reported that a Chrome extension called MEXC API Automator (ID: pppdfgkfdemgfknfnhpkibbkabhghhfh) targets accounts on MEXC, a ...
Bleeping Computer

IBM warns of critical API Connect auth bypass vulnerability

IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. API Connect is an application ...
InfoQ

Azure API Management Premium v2 GA: Simplified Private Networking and VNet Injection

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

OpenAI discloses API customer data breach via Mixpanel vendor hack

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. Mixpanel offers event analytics that ...
CSOonline

AI startups leak sensitive credentials on GitHub, exposing models and training data

Experts say the leaks highlight how fast-growing AI firms may be prioritizing innovation over basic DevSecOps hygiene, leaving valuable intellectual property and data at risk. Nearly two-thirds of the ...