Pipelock Blog
Security research and practical guidance for AI agent systems.
Pipelock is an open-source security harness that sits between AI agents and the outside world. It scans for secrets, blocks exfiltration, and monitors file integrity in multi-agent workspaces.
Securing Claude Code with Pipelock
February 10, 2026
Every MCP server response flows directly into Claude Code’s context window. If any of those servers return a prompt injection payload buried in otherwise-normal content, the agent processes it without question. Your API keys, tokens, and credentials can leave through an outbound HTTP request before you notice anything happened.
283 ClawHub Skills Are Leaking Your Secrets. VirusTotal Can’t Fix This.
February 09, 2026
Snyk just published research showing that 283 out of 3,984 ClawHub skills, roughly 7.1% of the entire registry, contain critical security flaws that expose API keys, passwords, and even credit card numbers through the LLM context window.
Lateral movement in multi-agent LLM systems
February 08, 2026
A security gap nobody is patching