
Our Journal

Security insights

Research, analysis, and practical guidance on AI agent security, backed by data from scanning thousands of agent skills across the ecosystem.

More Articles

84% Detection on Novel Attacks: Inside Our Monitor Eval
Research · 8 min · April 7, 2026

We evaluated Firmis Monitor against 278 CVE-derived attack scenarios and 49 published CVE reproductions. Here is every number, including the gaps.
The Axios Supply Chain Attack: Anatomy of an npm RAT
Threat Intelligence · 7 min · April 1, 2026

On March 30, compromised versions of axios hit npm. A 2-layer obfuscation chain deployed platform-specific RATs to iOS, Windows, and Linux.
We Benchmarked 10 Agent Security Scanners Across 42 Repos
Research · 8 min · March 24, 2026

42 public repositories. 10 scanners. One judge model. We built the first independent benchmark for AI agent security tools.
Agent Harness Security: What Your Platform Ships vs What You Still Need
Agentic Security · 8 min · March 10, 2026

Every agent platform ships some security. None ship enough. We mapped the built-in defenses and where the gaps are.
9 Verified Exploit Chains Across 8 Agent Frameworks
Agentic Security · 8 min · March 3, 2026

Individual findings are noise. Exploit chains are signal. We traced 9 complete attack paths across 8 major agent frameworks.
The Best AI Agent Security Tools in 2026
Agentic Security · 8 min · February 18, 2026

An honest guide to every AI agent security tool available, from free open-source scanners to enterprise platforms.
OpenClaw Security: Built-in Audit vs Full Stack Scanning
Tool Comparison · 6 min · February 13, 2026

OpenClaw's built-in audit is a solid first line of defense. But config-level checks and VirusTotal hashes miss what static analysis catches.
The OpenClaw Crisis: What the First AI Agent Security Nightmare Means for Your Business
Threat Intelligence · 6 min · February 6, 2026

Over 180,000 developers deployed an AI agent that could read their emails and execute code. Then the vulnerabilities appeared.
mcp-scan vs Firmis: Which MCP Security Tool?
Tool Comparison · 6 min · January 29, 2026

mcp-scan is a solid MCP-focused scanner. Firmis scans your entire agent stack. When to use each, and why you might want both.
Why Gitleaks Isn't Enough for AI Agent Security
Agentic Security · 6 min · January 22, 2026

Gitleaks finds secrets in your code. It doesn't understand that your MCP config just exposed those secrets to 5 connected AI tools.
What Is Tool Poisoning? A Guide for Developers
Agentic Security · 7 min · January 15, 2026

Tool poisoning is the attack where a helpful-looking AI skill secretly steals your data. Here's how it works, why it's spreading, and how to detect it.
What Is an AI-BOM and Why Your Agent Stack Needs One
Agentic Security · 7 min · January 8, 2026

An AI Bill of Materials is a machine-readable inventory of every component in your agent stack. Compliance auditors are starting to ask for one.

Find out if your agent stack is safe

One command. 30 seconds. Free.

$ npx firmis-cli init

Open source · Apache-2.0 scanner · No sign-up required