Signal criticality: High
What happened: SecurityWeek reported that zscaler says it identified two campaigns relying on indirect prompt injection, including a payment scam hiding behind API documentation, and a typosquatting operation promoting a crypto platform that impersonates DeBank. Artificial Intelligence Prompt Injection Attacks Trick AI Agents Into Making Crypto Payments Researchers uncovered two campaigns embedding indirect prompt injections in malicious websites to exploit autonomous AI agents browsing the web. By Ionut Arghire | July 6, 2026 (7:19 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Threat actors are using prompt injection attacks embedded in malicious websites and manipulated search results to trick AI agents into making payments or trusting fraudulent cryptocurrency platforms.
Key takeaways:
Original source: https://www.securityweek.com/prompt-injection-attacks-trick-ai-agents-into-making-crypto-payments/
Signal criticality: High
What happened: Help Net Security reported that aWS has released a framework meant to hand much of that work to a single AI agent . You expand automation only as fast as you establish trust, the AWS team explained . AWS published the reference implementation as open source sample code on GitHub , complete with the Strands agent, an MCP server tied to SAP OData, DynamoDB state management, and the human-in-the-loop workflow. Sinisa Markovic , Managing Editor, Help Net Security July 10, 2026 Share AWS gives its ERP agent deny-by-default rules and a separate identity Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand.
Key takeaways:
Original source: https://www.helpnetsecurity.com/2026/07/10/aws-agentic-ai-erp-automation/
Signal criticality: High
What happened: Backslash Security published that openClaw Security Risks OpenClaw frequently runs with excessive system-level permissions, creating a large blast radius if compromised. Plus, its community plugin ecosystem (ClawHub) has been found to host over 800 malicious skills including credential stealers and malware. It proactively defends against prompt injection, data exfiltration, compromised MCPs, and the abuse of AI privileges. A compromised dependency or malicious integration can bypass runtime protections and introduce security risks.
Key takeaways:
Original source: https://www.backslash.security/blog/nemoclaw-vs-openclaw
The strongest signal today is that AI security is being decided in the surrounding control layer — permissions, connectors, deterministic workflow design, response speed, and the infrastructure that still underpins trust. That is a more durable framing than generic agent hype, and it is the one worth carrying forward.