This week in the Wild West Roundup:

2026-05-26 · Bits and Bobs 5/26/26

This week in the Wild West Roundup:
- Critical 'Claw Chain' Vulnerabilities Put Thousands of OpenClaw AI Servers at Risk.
- The Register: Minor edits to AI skills can make agents go rogue.
- How prompt injection broke Nvidia's sandboxed OpenClaw agent.
  - "Research into Nvidia's NemoClaw reveals that sandboxes don't stop AI agents like OpenClaw from leaking data.
  - We need to rethink security from first principles."
- Paper: Blind Spots in the Guard: How Domain-Camouflaged Injection Attacks Evade Detection in Multi-Agent LLM Systems.
- Paper: Hidden Signals Can Hijack AI Voice Systems.
- Anthropic Silently Patches Claude Code Sandbox Bypass.
  - "The researcher who found it says the vulnerability could have been chained with a prompt injection to exfiltrate data."
- The AI backdoor your security stack is not built to see.
  - "The attack, called MetaBackdoor, hides its trigger in something no content filter is built to inspect: the length of the input.
  - An attacker with access to a model's fine-tuning data poisons it with examples that pair long inputs with malicious outputs.^[k]
  - The model learns to switch into attack mode whenever an input crosses a length threshold."

More on this topic

From other episodes