惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Troy Hunt's Blog
Latest news
Latest news
Vercel News
Vercel News
S
SegmentFault 最新的问题
V
Vulnerabilities – Threatpost
博客园 - Franky
P
Privacy International News Feed
A
Arctic Wolf
T
The Blog of Author Tim Ferriss
S
Schneier on Security
T
The Exploit Database - CXSecurity.com
P
Palo Alto Networks Blog
T
Tor Project blog
Jina AI
Jina AI
GbyAI
GbyAI
The Hacker News
The Hacker News
博客园 - 叶小钗
Google DeepMind News
Google DeepMind News
T
Threatpost
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Scott Helme
Scott Helme
WordPress大学
WordPress大学
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Microsoft Azure Blog
Microsoft Azure Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园 - 司徒正美
A
About on SuperTechFans
Recorded Future
Recorded Future
爱范儿
爱范儿
L
LangChain Blog
V
V2EX
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
K
Kaspersky official blog
Webroot Blog
Webroot Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
D
DataBreaches.Net
宝玉的分享
宝玉的分享
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
L
Lohrmann on Cybersecurity
Help Net Security
Help Net Security
AWS News Blog
AWS News Blog
M
MIT News - Artificial intelligence
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY

www.infosecurity-magazine.com

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Google Chrome Rolls Out Protection Against Infostealers Targeting Session Cookies STX RAT Targets Finance Sector With Advanced Stealth Tactics Bitcoin Depot Reports $3.6m Crypto Theft After System Breach Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs Google Warns of New Threat Group Targeting BPOs and Helpdesks Google API Keys Quietly Gain Access to Gemini on Android Devices Critical Vulnerability in Ninja Forms Exposes WordPress Sites Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns GPU Rowhammer Attack Enables Privilege Escalation and Full System Compromise GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltration Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited New Phishing Platform Used in Credential Theft Campaigns Against C-Suite Execs New 'Storm' Infostealer Remotely Decrypts Stolen Credentials NCSC Issues Security Alert Over Hackers Targeting WhatsApp and Signal Accounts Apple Expands iOS 18 Security Updates Amid DarkSword Threat Researchers Observe Sub-One-Hour Ransomware Attacks GitHub Used as Covert Channel in Multi-Stage Malware Campaign Most CNI Firms Face Up to £5m in Downtime from OT Attacks Google Introduces Android Dev Verification Amid Openness Debate New Venom Stealer MaaS Platform Automates Continuous Data Theft Chinese Hackers Target European Governments in Espionage Campaigns Eight in 10 UK Manufacturers Hit by Cyber Incident in a Year Hackers Hijack Axios npm Package to Spread RATs Maryland Man Charged Over $53m Uranium Finance Crypto Hack Phantom Project Bundles Infostealer, Crypter and RAT For Sale ChatGPT Security Issue Enabled Data Theft via Single Prompt TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets Employee Data Breaches Surge to Seven-Year High NCSC Urges Immediate Patching of F5 BIG-IP Bug Cybercriminals Exploit Tax Season With New Phishing Tactics Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers DeepLoad Malware Combines ClickFix With AI-Generated Code to Avoid Detection Critical Citrix NetScaler Vulnerability Exploited in the Wild ICO Fines UK Nuisance Call Scammers £100,000 European Commission Confirms Cloud Data Breach New Wave of AiTM Phishing Targets TikTok for Business TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack Quantum Computing Threat to Encryption Is Closer Than Expected, Warns Google UK Cracks Down on Chinese Crypto Marketplace for Funding Southeast Asia Scam Hubs Security Researchers Sound the Alarm on Vulnerabilities in AI-Generated Code Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts AI Becomes the Top Cybersecurity Priority for Defenders as Criminals Exploit It, PwC Warns OpenAI Expands Bug Bounty to Cover AI Abuse and 'Safety' Concerns Iran-Linked Pay2Key Ransomware Group Re-Emerges Invoice Fraud Costs UK Construction Sector Millions, NCA Warns Cloud Phones Linked to Rising Financial Fraud Threat Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne US: FCC Bans Foreign-Made Routers Over National Security Concerns TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise Experts Sound Alarm Over “Prompt Poaching” Browser Extensions Operation Henhouse Nets Over 500 Arrests in UK Fraud Crackdown RSA Conference: UK NCSC Head Urges Industry to Develop Vibe Coding Safeguards Silver Fox Cyber Campaigns Show Shift Toward Dual Espionage Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities New Npm 'Ghost Campaign' Uses Fake Install Logs to Hide Malware Former Ukrainian Foreign Minister Dmytro Kuleba to Address the New Cyber Frontline at Infosecurity Europe Enterprise Cybersecurity Software Fails 20% of the Time, Warns Absolute Security Russian Initial Access Broker Handed 81-Month Sentence Handala Group Tied to Iranian Hack‑and‑Leak Operations, FBI Reveals Most Cybersecurity Staff Don’t Know How Fast They Could Stop a Cyber-Attack on AI Systems Tycoon2FA Phishing Service Resumes Activity Post-Takedown High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports Trivy Supply Chain Attack Expands With New Compromised Docker Images CISA Orders US Government to Patch Maximum Severity Cisco Flaw Operation Alice Takes Down 370,000+ Dark Web Sites Hackers Exploit Critical Langflow Bug in Just 20 Hours NCA Boss Warns That Teens Are Being “Radicalized” Into Cybercrime Online Ransomware Affiliate Exposes Details of 'The Gentlemen' Operation Financial Brands Targeted in Global Mobile Banking Malware Surge FCA Updates Cyber Incident and Third-Party Reporting Rules AWS Warns Hackers Have Abused Cisco Firewall Zero-Day Since January UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs New Ubuntu Flaw Enables Local Attackers to Gain Root Access Crypto Scam "ShieldGuard" Dismantled After Malware Discovery AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure Vidar Stealer 2.0 Exploits GitHub, Reddit to Deliver Malware via Fake Game Cheats AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner Android OS-Level Attack Bypasses Mobile Payment Security 'CursorJack’ Attack Path Exposes Code Execution Risk in AI Development Environment Surge in Nation State Attacks on UK Firms Amid Cyber Warfare Fears Aeternum Botnet Shifts Command Control to Polygon Blockchain Leading Semiconductor Supplier Advantest Hit by Ransomware Attack Remcos RAT Expands Real-Time Surveillance Capabilities SMEs Wrong to Assume They Won’t Be Hit by Cyber-Attacks, NCSC Boss Warns Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day Phorpiex Phishing Delivers Low-Noise Global Group Ransomware BridgePay Confirms Ransomware Attack, No Card Data Compromised New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability Labyrinth Chollima Evolves into Three North Korean Hacking Groups Google Disrupts Extensive Residential Proxy Networks
OpenAI's Promptfoo Deal Plugs Agentic AI Testing Gap
2026-03-10 · via www.infosecurity-magazine.com

OpenAI is stepping up its push to bolster the security framework surrounding its enterprise-focused AI ecosystem.

Recently, the AI giant has looked to address the need for agentic AI security testing through its acquisition of agentic security testing firm Promptfoo.

In a soon-to-be released interview with Infosecurity, OpenClaw’s security advisor flagged that such a security requirement existed within agentic AI development.

Jamieson O’Reilly, an Australian hacker, founder of pentesting company DVULN and security advisor at OpenClaw, a local AI agent project that went viral at the beginning of 2026, spoke to Infosecurity for an upcoming podcast episode.

Asked about the future for agentic AI security, O’Reilly warned that the AI and cybersecurity community needs to develop more ways to “scan AI tools” for detecting “human-language malware, rather than using traditional file-based malware analysis.”

A day after the interview, conducted on March 9, OpenAI announced it was acquiring Promptfoo in a bid to reinforce security measures for AI agents in enterprise applications.

Founded in July 2024 by Ian Webster, a senior engineering manager at Discord, and Michael D'Angelo, the VP of Engineering and head of machine learning at Smile Identity, Promptfoo addresses the security gap O’Reilly highlighted.

Specifically, the startup provides open source tools to test and evaluate large language models (LLMs) and AI agents. These include tools for scanning vulnerabilities in LLMs, red-teaming AI tools, evaluating AI prompts and models, and providing a secure proxy for model context protocol (MCP) servers, one of the building blocks of AI agents.

According to OpenAI’s March 10 announcement, Promptfoo’s suite of tools are used by over 25% of Fortune 500 companies.

The startup has raised $23m so far, including $18.4m from VC firm Insight Partners in July 2025 with participation from Andreessen Horowitz. According to its LinkedIn page, Promptfoo employs over 20 people.

No financial details about the acquisition were shared by either party.

OpenAI Acquires Promptfoo to Enhance AI Agent Security Testing

OpenAI said companies are increasingly deploying AI agents, which it calls “AI coworkers,” and Promptfoo can help offer “systematic ways to test AI agent behavior, detect risks before deployment and maintain clear records to support oversight, governance and accountability over time.”

Once the acquisition is approved, OpenAI will integrate Promptfoo’s technology directly into OpenAI Frontier, its platform for building and operating “AI coworkers.”

The company stated that security and safety testing would become built-in capabilities of the Frontier platform, with automated security testing and red‑teaming tools designed to help enterprises identify and remediate risks such as prompt injections, jailbreaks, data leaks, tool misuse and out‑of‑policy agent behaviors.

OpenAI also said that security and evaluation would be integrated into development workflows so organizations can identify, investigate and remediate agent risks earlier in the development process.

In addition, integrated reporting and traceability features will provide oversight and accountability, enabling organizations to document testing, monitor changes over time and meet emerging governance, risk and compliance expectations for AI.

Finally, the generative AI giant confirmed it will keep Promptfoo’s current product suite open source and available for anyone to use and deploy.

OpenAI’s Security Future Involves OpenClaw and Promptfoo

Speaking to Infosecurity about the acquisition, O’Reilly said it “made a lot of sense.” However, he added that he didn’t have enough context about Promptfoo and the acquisition to further comment.

Since being appointed OpenClaw’s security advisor, O’Reilly has worked on a security roadmap for the project. He also helped OpenClaw partner with Google-owned VirusTotal, to improve the security of OpenClaw-compatible skills shared on skills libraries such as ClawHub. The partnership was announced on February 7.

“While VirusTotal is known for more traditional binary-based malware analysis, they were the only ones besides ourselves who were seriously studying the abuse of skills marketplaces,” O’Reilly told Infosecurity.

He also highlighted the benefit of VirusTotal’s privileged access to Google AI Gemini to “scan human-language malware.”

A few days after the OpenClaw agreement with VirusTotal, Peter Steinberger, the founder of OpenClaw, announced on February 14 that he joined OpenAI.

While it remains unclear whether the Austrian software developer is taking the OpenClaw project with him to OpenAI, he confirmed to several media outlets that OpenClaw will move to a foundation and stay open and independent.

Speaking on the Lex Fridman podcast on February 12, Steinberger said he would like OpenClaw to follow a model similar to Google’s Chromium and Chrome, where an open‑source project (Chromium) is maintained by a company alongside outside contributors and serves as the foundation for commercial products such as Google Chrome, Microsoft Edge, Brave, Opera and Vivaldi.

Whatever happens, with Steinberger’s hiring and now the Promptfoo integration, as well as the recent rollout of Codex Security, a tool formerly known as Aardvark and designed to help developers identify and mitigate vulnerabilities in AI‑generated code, OpenAI seems to be moving more aggressively to build out the security infrastructure around its enterprise AI ecosystem.

Join us on Tuesday April 28 for the AI Security and Governance Virtual Summit