Aguara v0.22.1 is out.
This is a focused incident-response patch for the Red Hat / Miasma npm compromise reported on 2026-06-01.
The issue: compromised npm packages can execute during install, inside the developer or CI environment, before the application ever runs in production.
That environment often has access to what attackers actually want: CI tokens, trusted publishing credentials, cloud credentials, kubeconfig, SSH/GPG keys, Docker credentials, Vault tokens, .env files, and package manager tokens.
Aguara now detects the affected redhat-cloud-services/* packages offline, by exact package and version.
It can find them in installed dependencies and in common npm lockfiles, so teams can check a repo before running install and also validate already-materialized environments.
No package execution. No registry lookup during the scan.
https://t.co/8AS2N1kDkG
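An added example, not Aguara's own code, of the offline exact-version match the post describes, in Go: it reads the "packages" map of a package-lock.json (lockfileVersion 2/3 layout), including nested node_modules entries, and compares name and version against an advisory list, and it checks a single installed package.json the same way. The advisory entries, package names and lockfile content are constructed for the demo and are not the real affected packages.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed advisory list for this example: exact package name -> bad
// versions. Placeholder names, not the real affected packages.
var advisories = map[string][]string{
	"@example-scope/widget": {"1.4.2", "1.4.3"},
	"left-shim":             {"0.0.9"},
}

// Constructed package-lock.json (lockfileVersion 2/3 layout) for the demo.
// Note the nested copy of left-shim under some-lib: a scan that only looks
// at top-level dependencies would miss it.
const sampleLock = `{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@example-scope/widget": {"version": "1.4.2"},
    "node_modules/left-shim": {"version": "0.1.0"},
    "node_modules/some-lib": {"version": "2.0.0"},
    "node_modules/some-lib/node_modules/left-shim": {"version": "0.0.9"}
  }
}`

// lockfile covers the part of package-lock v2/v3 we need: "packages" maps an
// install path such as "node_modules/@scope/name" (possibly nested) to an
// object carrying the resolved "version".
type lockfile struct {
	Packages map[string]struct {
		Version string `json:"version"`
	} `json:"packages"`
}

// nameFromLockPath turns "node_modules/a/node_modules/@s/b" into "@s/b".
// The root project uses the empty key and yields "".
func nameFromLockPath(p string) string {
	i := strings.LastIndex(p, "node_modules/")
	if i < 0 {
		return ""
	}
	return p[i+len("node_modules/"):]
}

// ScanLockfile returns "name@version" for every lockfile entry that exactly
// matches a known-bad version. Pure string comparison: nothing is executed
// and no registry is contacted, so it is safe to run before `npm install`.
func ScanLockfile(lockJSON []byte, bad map[string][]string) ([]string, error) {
	var lf lockfile
	if err := json.Unmarshal(lockJSON, &lf); err != nil {
		return nil, fmt.Errorf("parse lockfile: %w", err)
	}
	var hits []string
	for p, entry := range lf.Packages {
		name := nameFromLockPath(p)
		if name == "" {
			continue
		}
		for _, v := range bad[name] {
			if v == entry.Version {
				hits = append(hits, name+"@"+v)
			}
		}
	}
	sort.Strings(hits) // map iteration order is random; make output stable
	return hits, nil
}

// MatchPackageJSON checks one already-installed package from the contents of
// its node_modules/<name>/package.json (the caller walks the tree).
func MatchPackageJSON(pkgJSON []byte, bad map[string][]string) (string, bool) {
	var pj struct {
		Name    string `json:"name"`
		Version string `json:"version"`
	}
	if err := json.Unmarshal(pkgJSON, &pj); err != nil {
		return "", false
	}
	for _, v := range bad[pj.Name] {
		if v == pj.Version {
			return pj.Name + "@" + v, true
		}
	}
	return "", false
}

func main() {
	hits, err := ScanLockfile([]byte(sampleLock), advisories)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, h := range hits {
		fmt.Println("COMPROMISED:", h)
	}
	if len(hits) > 0 {
		fmt.Println("do not run install in this tree")
	}
}
```

The match is deliberately exact on name and version rather than a semver range: an advisory for a compromised release names specific versions, and a range match would either miss a re-published bad version or flag clean ones.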
AI agents are moving into real company workflows.
They write code, call tools, load MCP servers, run commands, use authenticated CLIs, install packages and connect to internal systems, workflows and data.
That changes the security problem.
Companies do not only need to know whether a model is safe. They need to know what the agent can access, what rules apply to its work and what evidence exists after the work is done.
That is what we are building at Oktsec.
Access.
Policy.
Evidence.
A local-first cybersecurity layer for AI agents.
The open source product gives developers local control from day one. Oktsec Enterprise extends that into a control and evidence layer for teams and companies adopting agents in real environments.
No LLM in the critical security path.
No cloud dependency by default.
Reviewable by design.
AI-agent work needs to become governable before it becomes invisible infrastructure.
Aguara keeps moving.
These last releases were less about adding noise and more about making the tool practical for real teams: easier to adopt in CI, safer when using fresh intel, and better at checking dependencies before they run.
Highlights:
- teams can now baseline existing scan results and fail only on new risk
- fresh advisory data is signed and verified before Aguara trusts it
- npm projects get stronger pre-install coverage across package-lock, pnpm and Yarn classic
- Python and Rust package checks now bind suspicious behavior more precisely
- the embedded advisory snapshot is smaller and easier to maintain
Coming next:
- clearer freshness signals for local intel
- deeper JavaScript analyzer work
- more coverage for agent and supply-chain workflows
Aguara is open source.
https://t.co/8AS2N1k5v8
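An added example, not Aguara's own implementation, of the "signed and verified before it is trusted" step from the highlights, using only Go's standard library: a detached Ed25519 signature over the raw advisory bytes is checked against a pinned public key before the JSON is parsed at all, and a copy edited after signing is refused. The snapshot format, field names, and the demo keypair are assumptions for the example; a real scanner would embed the publisher's public key and also sign a timestamp or expiry.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Advisories is the payload format assumed for this example.
type Advisories struct {
	GeneratedAt string              `json:"generated_at"`
	Packages    map[string][]string `json:"packages"` // name -> bad versions
}

// SignedSnapshot is the assumed on-disk shape: the raw payload bytes plus a
// detached Ed25519 signature over exactly those bytes. Signing the bytes
// rather than a re-serialized struct avoids canonicalization mismatches.
type SignedSnapshot struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// SignSnapshot is the publisher side, included so the demo is self-contained.
// The scanner never holds the private key.
func SignSnapshot(priv ed25519.PrivateKey, adv Advisories) (SignedSnapshot, error) {
	payload, err := json.Marshal(adv)
	if err != nil {
		return SignedSnapshot{}, err
	}
	return SignedSnapshot{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// LoadTrustedAdvisories verifies against the pinned public key BEFORE
// parsing, and returns no data at all if the signature does not check out.
// Parsing first would hand attacker-controlled bytes to the JSON decoder.
func LoadTrustedAdvisories(pub ed25519.PublicKey, snap SignedSnapshot) (*Advisories, error) {
	if len(snap.Signature) != ed25519.SignatureSize {
		return nil, errors.New("advisory snapshot: malformed signature")
	}
	if !ed25519.Verify(pub, snap.Payload, snap.Signature) {
		return nil, errors.New("advisory snapshot: signature does not verify; refusing to use it")
	}
	var adv Advisories
	if err := json.Unmarshal(snap.Payload, &adv); err != nil {
		return nil, fmt.Errorf("advisory snapshot: verified but unparseable: %w", err)
	}
	return &adv, nil
}

// Demo runs the round trip with a fresh keypair (a real scanner embeds the
// publisher's public key). It returns whether a genuine snapshot is accepted
// and whether a snapshot edited after signing is rejected.
func Demo() (validAccepted, tamperedRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	adv := Advisories{
		GeneratedAt: "2026-06-02T00:00:00Z",
		Packages:    map[string][]string{"left-shim": {"0.0.9"}}, // constructed entry
	}
	snap, err := SignSnapshot(priv, adv)
	if err != nil {
		return false, false, err
	}
	_, errGood := LoadTrustedAdvisories(pub, snap)

	// An attacker who can write the local cache edits the bad version to
	// "0.0.8" so the real one stops matching. The bytes are still valid JSON,
	// so only the signature check catches it.
	tampered := snap
	tampered.Payload = append([]byte(nil), snap.Payload...)
	i := bytes.Index(tampered.Payload, []byte("0.0.9"))
	tampered.Payload[i+4] = '8'
	_, errBad := LoadTrustedAdvisories(pub, tampered)

	return errGood == nil, errBad != nil, nil
}

func main() {
	ok, rejected, err := Demo()
	fmt.Printf("valid accepted: %v, tampered rejected: %v, err: %v\n", ok, rejected, err)
}
```

Verifying before parsing is the point of the ordering: the advisory file is the one input a scanner fetches from outside, so the decoder should never see bytes that have not already passed the signature check.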
Bounty hunting is 20% coding, 80% overhead. The fix is usually trivial. The real time sink is understanding the codebase, navigating someone else’s tech debt, setting up the environment, dealing with contribution rules, formatting the PR and handling access restrictions.
litellm was compromised on PyPI. 97 million monthly downloads.
.pth file executes on every Python startup. Exfiltrates SSH keys, cloud creds, K8s secrets. Encrypts with RSA. Creates privileged pods across your cluster. Installs systemd persistence.
MCP clients like Cursor auto-download deps via uvx without version pins. That's how the discoverer got hit.
Find out if you're compromised in 60 seconds with Aguara:
brew install garagon/tap/aguara
aguara check
aguara clean
Scans Python environments + uv/pip/npx caches. Shows what it found, asks confirmation, quarantines for forensics.
Prevent on MCP servers:
aguara scan /path/to/server/ --severity high
https://t.co/1bUW81qkxl
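An added example, not Aguara's scanner, of the .pth mechanism the post leans on, in Go. It applies the rule CPython's site module uses when it processes a .pth file: a line that begins with "import " or "import\t" is handed to exec() every time the interpreter starts, a "#" line is a comment, and everything else is just a sys.path entry. The scanner flags every executable line and raises severity when the line carries dropper-style constructs. The sample .pth content and the suspicious-pattern list are constructed for the demo.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one line of a .pth file that the interpreter will exec().
type Finding struct {
	File     string
	LineNo   int
	Line     string
	Severity string // "high" when the line carries payload-style constructs
}

// Constructs that almost never appear in a legitimate .pth import line.
// Legitimate ones look like "import _virtualenv" or "import sitecustomize".
var suspicious = []string{
	"exec(", "eval(", "compile(", "__import__(", "base64", "zlib",
	"marshal", "subprocess", "os.system", "socket", "urllib",
}

// AnalyzePth applies the site-module rule: only a line starting with
// "import " or "import\t" is executed. Leading whitespace disqualifies a
// line, which is why the check is on the raw line, not a trimmed one.
func AnalyzePth(file, content string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(content))
	sc.Buffer(make([]byte, 1<<20), 1<<20) // malicious lines are often very long
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimRight(sc.Text(), " \t\r")
		if !strings.HasPrefix(line, "import ") && !strings.HasPrefix(line, "import\t") {
			continue
		}
		sev := "medium"
		for _, p := range suspicious {
			if strings.Contains(line, p) {
				sev = "high"
				break
			}
		}
		out = append(out, Finding{File: file, LineNo: n, Line: line, Severity: sev})
	}
	return out
}

// ScanPthDir walks a site-packages directory (or a whole venv) and analyzes
// every .pth file under it. Point it at the paths printed by
// `python -c "import site; print(site.getsitepackages())"`.
func ScanPthDir(root string) ([]Finding, error) {
	var all []Finding
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.IsDir() || !strings.HasSuffix(d.Name(), ".pth") {
			return nil
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		all = append(all, AnalyzePth(p, string(data))...)
		return nil
	})
	return all, err
}

// Constructed sample .pth content for the demo. Line 4 is shaped like a
// typical dropper: decode, then exec, all on one import line.
const samplePth = "/opt/vendor/lib\n" +
	"# comment, ignored by site\n" +
	"import sys; sys.path.insert(0, '/opt/vendor')\n" +
	"import os,base64;exec(base64.b64decode(b'cHJpbnQoJ2hpJyk='))\n" +
	"   import not_executed_because_of_leading_space\n"

func main() {
	findings := AnalyzePth("sample.pth", samplePth)
	if len(os.Args) > 1 {
		var err error
		if findings, err = ScanPthDir(os.Args[1]); err != nil {
			fmt.Println("error:", err)
			return
		}
	}
	for _, f := range findings {
		fmt.Printf("[%s] %s:%d: %s\n", f.Severity, f.File, f.LineNo, f.Line)
	}
}
```

Run it against every interpreter on the box, not just the system one: uv, pipx and tool-managed venvs each have their own site-packages, and a .pth dropped into any of them fires for that interpreter alone.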
You have MCP servers running. Claude Desktop, Cursor, VS Code, maybe a custom one. Every tool call your agent makes goes straight to the server. No scanning, no access control, no logs.
Here is how to put a security layer in front of all of them.
https://t.co/SFzQ2Q7ju1
Oktsec already integrates with OpenClaw. 230 detection rules scan every tool call before execution, per-agent tool policies control what each claw can access, and a tamper-evident audit trail logs everything. Works with NemoClaw via Docker Sandbox network proxy.
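An added example, not Oktsec's code, of the two mechanisms named above in Go: a deny-by-default per-agent tool policy evaluated before a call is forwarded, and an audit log in which each entry carries the hash of the previous one, so an after-the-fact edit of any record is detectable. The agent names, tool calls and policy rules are constructed for the demo.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// ToolCall is one request an agent sends toward an MCP server.
type ToolCall struct {
	Agent string            `json:"agent"`
	Tool  string            `json:"tool"`
	Args  map[string]string `json:"args"`
}

// Policy is deny-by-default: an agent may only call tools on its list, and
// no argument may reference a denied path fragment.
type Policy struct {
	AllowedTools      map[string][]string // agent -> tools
	DenyArgSubstrings []string
}

func (p Policy) Check(c ToolCall) error {
	allowed := false
	for _, t := range p.AllowedTools[c.Agent] {
		if t == c.Tool {
			allowed = true
			break
		}
	}
	if !allowed {
		return fmt.Errorf("agent %q may not call %q", c.Agent, c.Tool)
	}
	for k, v := range c.Args {
		for _, bad := range p.DenyArgSubstrings {
			if strings.Contains(v, bad) {
				return fmt.Errorf("argument %q matches denied pattern %q", k, bad)
			}
		}
	}
	return nil
}

// AuditEntry carries the hash of the previous entry, so changing or dropping
// any record invalidates every record after it.
type AuditEntry struct {
	Seq      int      `json:"seq"`
	Call     ToolCall `json:"call"`
	Decision string   `json:"decision"`
	Reason   string   `json:"reason,omitempty"`
	PrevHash string   `json:"prev_hash"`
	Hash     string   `json:"hash"`
}

type AuditLog struct{ Entries []AuditEntry }

const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

// hashEntry hashes the JSON of the entry with Hash cleared; encoding/json
// sorts map keys, so the encoding is deterministic.
func hashEntry(e AuditEntry) string {
	e.Hash = ""
	b, _ := json.Marshal(e)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

func (l *AuditLog) Append(c ToolCall, decision, reason string) {
	prev := genesis
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := AuditEntry{Seq: len(l.Entries), Call: c, Decision: decision, Reason: reason, PrevHash: prev}
	e.Hash = hashEntry(e)
	l.Entries = append(l.Entries, e)
}

// Verify walks the chain and returns the index of the first entry that does
// not check out, or -1 if the whole log is intact.
func (l *AuditLog) Verify() int {
	prev := genesis
	for i, e := range l.Entries {
		if e.Seq != i || e.PrevHash != prev || hashEntry(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// Gate is the proxy's decision point: evaluate policy, record the decision,
// and only then let the caller forward the call.
func Gate(p Policy, l *AuditLog, c ToolCall) bool {
	if err := p.Check(c); err != nil {
		l.Append(c, "deny", err.Error())
		return false
	}
	l.Append(c, "allow", "")
	return true
}

// Demo returns the decisions for three constructed calls, Verify() on the
// untouched log, and Verify() after someone flips a deny into an allow.
func Demo() (readOK, sshDenied, shellDenied bool, intact, tamperedAt int) {
	p := Policy{
		AllowedTools:      map[string][]string{"coder": {"read_file", "run_tests"}},
		DenyArgSubstrings: []string{".ssh/", ".aws/", ".env"},
	}
	var al AuditLog
	readOK = Gate(p, &al, ToolCall{Agent: "coder", Tool: "read_file", Args: map[string]string{"path": "src/main.go"}})
	sshDenied = !Gate(p, &al, ToolCall{Agent: "coder", Tool: "read_file", Args: map[string]string{"path": "/home/dev/.ssh/id_ed25519"}})
	shellDenied = !Gate(p, &al, ToolCall{Agent: "coder", Tool: "shell", Args: map[string]string{"cmd": "id"}})
	intact = al.Verify()
	al.Entries[1].Decision = "allow" // post-hoc edit of the audit record
	tamperedAt = al.Verify()
	return
}

func main() {
	fmt.Println(Demo())
}
```

A hash chain only proves that the log was not edited between two points someone can compare; to make it evidence, the head hash has to be periodically anchored somewhere the proxy host cannot rewrite (a remote log, a signed checkpoint), otherwise an attacker with write access simply re-chains the whole file.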
🦞 Ready to deploy @OpenClaw? Our just released NVIDIA NemoClaw simplifies running OpenClaw always-on assistants more safely with a single command.
✅ Deploy claws more safely
✅ Run any coding agent
✅ Deploy anywhere
Try with a free NVIDIA Brev Launchable: 🔗 https://t.co/ofWZzuVsU2
Here's how you build software in 2026: Someone says something. You open a Conductor session in plan mode. You paste what they said. You go. https://t.co/GaiZyytTuH
@garrytan Thanks @garrytan! Applied for the YC Summer 2026 batch, building @oktsec around agent security. Hoping to talk more about where this is all heading. https://t.co/RsXZ9TLIiI
272,000 attacks against 13 frontier AI models. Every one broken. Gray Swan AI ran this with @OpenAI, @AnthropicAI, @Meta, and @NIST.
The part that matters: attacks only counted if the agent executed the harmful action AND hid it from the user. Clean response, no alert, damage already done.
5 universal attack templates transfer across 9 models. This is not a model bug. It is structural.
The paper's conclusion: "system-level and architectural defenses beyond model-level robustness training alone."
https://t.co/68pNm3kSzp
Only 21.9% of orgs treat AI agents as identities. The rest use shared API keys. Here's the five-layer identity stack agents actually need. - https://t.co/AdOlctXwXC #aiagentsecurity #aiagents
Oktsec v0.10.0 is out. Delegation chains, LLM escalation, scan profiles, ephemeral keys, CLI hooks. From 85 rules to 188. From MCP-only to full AI agent visibility. https://t.co/ay8141dhw0
Gambit Security published a case where an attacker used Claude (Anthropic's model) against Mexican government infrastructure. The prompts were all in Spanish, directing the model to do recon, find weaknesses, and write exfil scripts.
The attacker basically used an LLM as a junior pentester. Find the vuln, write the exploit, automate the data grab. The barrier to pulling off something like this has collapsed.
Real question for AI companies: are the guardrails actually working? Because this attacker apparently got enough output to compromise government systems. That should bother everyone building these models.
Governments that haven't war-gamed AI-assisted attacks against their infrastructure are behind. Red teams need AI-offensive scenarios in their playbooks now, not next quarter.
Threat actors contact employees directly through Microsoft Teams. They pretend to be IT support or a vendor. Target sectors are finance and healthcare.
The play is simple. Talk the victim into opening Quick Assist (built into Windows, Microsoft-signed) to "fix an issue." Once in, they deploy A0Backdoor. Full C2. Persistence, data theft, lateral movement. And because Quick Assist is a legit signed binary, a lot of security tools just wave it through.
Fix: restrict Quick Assist via GPO. Lock down external access in Teams. Train your people (yes, again) that IT will never cold-call them on Teams asking for remote access. Monitor for unexpected remote assistance tool execution.