This week in the Wild West Roundup.
- "Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We found that while Claude Code Action supported environment scrubbing for subprocess execution paths such as Bash, the Read tool was not subject to the same sandboxing model. It was eventually authorized to access /proc/self/environ, reading the workflow's ANTHROPIC_API_KEY and potentially other credentials available to the runner."
- Another new attack: Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets.
- Yet another new attack: Compromise OpenClaw with Prompt Injections in Message Objects.
- Brave browser discovers that no agentic browser has solved this problem.
- A new technique: dangerous worms say forbidden things so the LLMs in security scanners will stop scanning them.
- "Why AI agents introduce a new security model"
- "Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust."
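The Microsoft finding quoted above comes down to two controls applied unevenly: the Bash path got a scrubbed environment, the Read tool did not, and /proc/self/environ was reachable. As an added example (not Anthropic's or Microsoft's code), here is a hypothetical read guard that confines a file-reading tool to the repository checkout and refuses any spelling of a procfs environment file, beside a scrubber meant to be applied to every tool rather than only to subprocess execution. The function names, the `workspace` root and the secret-name marker list are assumptions.

```python
import os
import re

# Any spelling of a process environment file under procfs:
# /proc/self/environ, /proc/thread-self/environ, /proc/<pid>/environ,
# /proc/<pid>/task/<tid>/environ.
_PROC_ENVIRON = re.compile(r"^/proc/(self|thread-self|\d+)(/task/\d+)?/environ$")

# Hypothetical marker list; a real deployment would enumerate its actual secrets.
SECRET_MARKERS = ("KEY", "TOKEN", "SECRET", "PASSWORD")


def canonical(path, cwd):
    """Absolute, '..'-free, symlink-resolved form of `path` as seen from `cwd`."""
    return os.path.realpath(os.path.normpath(os.path.join(cwd, path)))


def check_read(path, workspace, cwd=None):
    """Decide whether a file-reading tool may open `path`.

    Returns (allowed, reason). `workspace` is the repository checkout and reads
    are confined to it. The procfs rule is applied to both the lexical and the
    resolved path, so a symlink planted inside the checkout cannot smuggle a
    read of /proc/self/environ past the workspace allowlist.
    """
    cwd = cwd or workspace
    lexical = os.path.normpath(os.path.join(cwd, path))
    resolved = canonical(path, cwd)
    if _PROC_ENVIRON.match(lexical) or _PROC_ENVIRON.match(resolved):
        return False, "proc-environ"
    if resolved == "/proc" or resolved.startswith(("/proc/", "/sys/")):
        return False, "virtual-fs"
    root = os.path.realpath(workspace)
    if resolved != root and not resolved.startswith(root + os.sep):
        return False, "outside-workspace"
    return True, "ok"


def scrubbed_env(env):
    """Environment to hand to *every* tool, not only Bash: drop secret-like names."""
    return {k: v for k, v in env.items()
            if not any(m in k.upper() for m in SECRET_MARKERS)}
```

The guard is a policy decision, not an enforcement boundary; pairing it with the same process-level sandbox the Bash path already has is what closes the gap the report describes.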