Data Privacy & Security Weekly AI News
June 22 - June 30, 2026Weekly signal
This week (2026-06-22 → 2026-06-30) the agentic-AI privacy/security story sharpened around three operational faults: powerful frontier models being used for vulnerability discovery, active supply‑chain compromise of agent skill marketplaces, and vendor productization of agent‑specific zero‑trust controls. These are not hypothetical risks anymore — they changed attacker/defender economics this week and require immediate operational changes for teams building or operating AI agents.
What changed
-
Anthropic’s restricted Mythos model, used under Project Glasswing, identified previously unknown vulnerabilities inside highly sensitive U.S. government systems during an authorized test — findings were reported publicly this week. This confirms that large, agent‑capable models can accelerate vulnerability discovery at scale and that access to such models is a national security and dual‑use concern.
-
Palo Alto Networks Unit 42 documented multiple evasive, malicious “skills” (plugin packages for the OpenClaw agent platform) that bypassed automated scanners and delivered macOS infostealers and agentic fraud flows; OpenClaw/ClawHub removed the packages after disclosure. The attack chain demonstrates how agent skill marketplaces are a new supply‑chain vector for credential and data exfiltration.
-
Security vendors are shipping agent‑first controls: Zscaler announced an “AI Broker” plus an Agent Registry and an AI Access Graph to enforce fine‑grained agent access and map agent → data lineage (press release / product notes this month). These products crystallize the industry shift from human‑centric IAM to agent‑aware zero trust.
What to do with it
- Treat agents as first‑class identities: inventory agents, map their required actions (not just permissions), and bind them to short‑lived machine identities and attestations.
- Immediately audit any agent skill marketplace use. Remove unverified skills, require code provenance and signed artifacts, and sandbox installs until line‑by‑line review is done. Unit 42’s methods and indicators are practical starting points.
- Assume models can find vulnerabilities faster than humans; run model‑assisted red teams defensively (Project Glasswing shows this works) and prioritize rapid patching for exposed codepaths.
- Add runtime controls: MCP/A2A traffic inspection, per‑agent prompt extraction, behavioral baselining, and DLP on agent calls. Vendors now offer dedicated primitives — evaluate them quickly for high‑risk agent use cases.
Do not just read about agents. Build one that runs.
Create an agent from a short prompt, connect a gateway later, and pay mainly for active runtime.
Hosted agent
OpenClaw or Hermes