Aggregator
Kong launches Context Mesh to turn enterprise APIs into agent-ready tools
Kong has announced Kong Context Mesh, a product that automatically discovers enterprise APIs, transforms them into agent-consumable tools, and deploys them with runtime governance. “Organisations have spent years building APIs as the nervous system of the enterprise. Context Mesh allows them to reuse that investment to power agents instead of starting from scratch,” said Marco Palladino, CTO of Kong. “The challenge is that agents are only as good as the enterprise context they can reach. …
The post Kong launches Context Mesh to turn enterprise APIs into agent-ready tools appeared first on Help Net Security.
Qilin
Stuffing a tornado into a processor: a mega-simulation of turbulence explained why engines stall and where tornadoes come from
Top Cyber Industry Defenses Spike CO2 Emissions
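UofTCTF 2026 partial writeups
FDA refuses to review Moderna's mRNA flu vaccine
"It wasn't me, and the database isn't mine" no longer works. The Supreme Court has clarified: whoever collected the data is responsible for it
Northwestern University (USA) | PentestAgent: Incorporating LLM Agents into Automated Penetration Testing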
Over 60 Software Vendors Issue Security Fixes Across OS, Cloud, and Network Platforms
GOP Congress moves to shape election law in Trump’s image
The MEGA Act and SAVE Act would dramatically transform U.S. election laws in a quest to curb election fraud. Audits and experts say improprieties are extremely rare.
The post GOP Congress moves to shape election law in Trump’s image appeared first on CyberScoop.
Adobe security advisory (AV26-115)
Google Chrome 145 restores support for JPEG-XL images
GitGuardian Raises $50M Series C to Address Non-Human Identities Crisis and AI Agent Security Gap
Google itself searches for your nudes (to hide them). Search results are now automatically scrubbed of leaked photos and passports
NetBSD 11.0 RC1 released
Observing the Anatomy of Peak Traffic
Scary Agent Skills: Hidden Unicode Instructions in Skills ...And How To Catch Them
There is a lot of talk about Skills recently, both in terms of capabilities and security concerns. However, so far I haven’t seen anyone bring up hidden prompt injection. So, I figured I'd demo a Skills supply chain backdoor that survives human review.
Additionally, I also built a basic scanner, and had my agent propose updates to OpenClaw to catch such attacks.
Attack Surface
Skills introduce common threats, like prompt injection, supply chain attacks, RCE, data exfiltration,… This post discusses some basics, highlights the most simple prompt injection avenue, and shows how one can backdoor a real Skill from OpenAI with invisible Unicode Tag codepoints that certain models, like Gemini, Claude, Grok are known to interpret as instructions.