Signal criticality: High
What happened: Help Net Security reported that noma brings visibility and access governance to AI agents and MCP servers Noma has announced the launch of Noma Agent Access Control, which helps security teams discover, govern, and enforce access policies for AI agents and Model Context Protocol (MCP) servers throughout the enterprise. Prompt injection attacks, compromised tool responses, and combinations of risk factors can redirect an agent s behavior mid-session, coercing it into actions its policy nominally allows but its actual task does not require.
Key takeaways:
Original source: https://www.helpnetsecurity.com/2026/06/02/noma-brings-visibility-and-access-governance-to-ai-agents-and-mcp-servers/
Signal criticality: High
What happened: SecurityWeek reported that illustrating the current problem, Offroad has produced and published (available from its site) a detailed audit report of 2,890 public OAuth applications on Google Workspace Marketplace and GitHub Marketplace. The audit finds that 918 apps (32%) carry at least one structural exposure signal: from scopes wider than the app s stated function, AI with write access, threat-intel flags, dead publisher websites, buyable or pending publisher domains, and brand-leading app names published by third parties.
Key takeaways:
Original source: https://www.securityweek.com/offroad-emerges-from-stealth-with-7-million-to-tackle-enterprise-identity-risk/
Signal criticality: High
What happened: Microsoft Security Blog published "Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us". A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practical mitigations teams need now The article focuses on governance, identity, guardrails, or permission boundaries around AI agents that can act with real system access. The practical question is what permissions, connected data, or follow-on actions this signal can influence in a real deployed workflow.
Key takeaways:
Original source: https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/
Signal criticality: High
What happened: Backslash Security published that don t Let the Lobster Fool You: OpenClaw Security Risks Explained - Backslash --> --> Back to Blog Don t Let the Lobster Fool You: OpenClaw Security Risks Explained - June 4, 2026 Rani Osnat - June 4, 2026 OpenClaw is an open-source AI agent designed to operate as a personal assistant. Researchers have identified many OpenClaw deployments running with unsecured defaults, weak authentication, exposed interfaces, and overly broad access.
Key takeaways:
Original source: https://www.backslash.security/blog/openclaw-security-risks-explained
The strongest signal today is that AI security is being decided in the surrounding control layer — permissions, connectors, deterministic workflow design, response speed, and the infrastructure that still underpins trust. That is a more durable framing than generic agent hype, and it is the one worth carrying forward.