Pillar Security

Technology, Information and Internet

Securing the Agentic Workforce

About us

Pillar is the security platform for the agentic workforce. AI agents now operate as autonomous workers inside your organization - reasoning, acting, and accessing critical systems at machine speed. Pillar discovers every agent and AI workflow across code, cloud, SaaS, and endpoints, continuously tests them through agentic red teaming and risk detection, enforces governance throughout the AI lifecycle, and protects runtime behavior with adaptive controls. One platform that gives security teams the visibility and control to match the speed and scale of autonomous AI.

Website
https://pillar.security
Industry
Technology, Information and Internet
Company size
11-50 employees
Type
Privately Held
Founded
2023

Updates

  • Another pair of branded socks? Nah. At Black Hat USA 2026, you can win a star named after you. A real one. With coordinates. And telescopes too 🔭 And yes, there’s a reason security teams need to look deeper and see further. Most organizations already have more AI assets, models, agents, copilots, and workflows than they can fully see. Some are sanctioned. Some are shadow. Some are already deeply embedded into how teams work. So at Black Hat, Pillar is helping security teams map the AI universe already taking shape inside their organizations. Drop your work email on our event page - maybe one of the stars has your name on it! Didn’t win? You’ll still have a chance to win one of dozens of telescopes at our booth - finally, swag worth saving suitcase space for. Enter here: https://lnkd.in/d3MWKvvK

  • The agent harness is the most privileged component in your agent stack. Most security programs don't treat it that way. The harness holds what the agent never sees: credentials, API keys, OAuth tokens, file system access, the full session log sitting on disk. The agent operates through it. An attacker who compromises the harness inherits everything the harness can do, which is a strict superset of what the agent can do. In our latest blog, Dor Sarig breaks down what this means for security teams: where the real risks live, why the verify step is now load-bearing, and why drawing the boundary at the agent leaves the actual privilege layer undefended. Read it here: https://lnkd.in/ditGrHk2

  • Pillar Security reposted this

    I’m excited to be speaking with Evgeniy Kokuykin at the Gen AI Application Security & Risk Summit tomorrow for a session on the upcoming OWASP® Foundation State of Agentic AI Security and Governance v2 report! The session will walk through three central findings: agentic AI threats are already showing up in operational environments, deployment-layer safety and security are converging for high-autonomy agents, and governance needs to keep pace with deployment. You can get free admission to the conference with my code: CSS26-OS #OfficialCybersecuritySummit #CRAEvents #Cybersecurity https://lnkd.in/djZr8K6V

  • 🚨 New research: we found a vulnerability in RTK, a token optimization tool for Claude Code with 50K+ GitHub stars. RTK sits between the AI and your shell, filtering command output before the model sees it. The problem: RTK loaded filter configs from any repo you cloned, automatically, with no prompt. So anyone who could commit to a repo could decide what Claude Code was allowed to see. An attacker plants a backdoor in the code and commits a small filter file alongside it that quietly hides those lines from the AI. You ask Claude to review the file. It comes back clean. The security scanner comes back clean. The code ships. Most AI security focuses on what gets injected into the model's context. This is the opposite: what gets removed before it ever arrives. A scanner that reports "no issues found" is only as trustworthy as the pipeline carrying its output. The RTK maintainers turned around a fix in 24 hours, with hash-based trust, explicit opt-in, and revocation on change. Better than what we recommended. If your teams use RTK with Claude Code, update to v0.33.0+. Read the full write-up by Ariel Fogel: https://lnkd.in/dxCjnR3k

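The fix pattern named in the post above (hash-based trust, explicit opt-in, revocation on change) is worth seeing as code. The following is an added illustration written for this page, not RTK's own implementation or API: a small trust store for repo-local filter configs that refuses to load any config the user has not explicitly approved, pins the approval to the SHA-256 of the approved content, and drops the approval the moment the file changes. The config filename `.filters.json`, the `drop_lines_matching` key, and the `demo()` scenario are constructed for the example.

```python
"""Added example (not RTK's code): trust-on-explicit-opt-in loading of
repo-local filter configs, with hash pinning and revocation on change."""
import hashlib
import json
import tempfile
from pathlib import Path


class UntrustedConfig(Exception):
    """Raised when a repo-local config was never opted into, or changed since."""


class ConfigTrustStore:
    """Maps an absolute config path to the SHA-256 of the content the user
    explicitly approved. Persisted as JSON *outside* the repository, so a
    commit to the repo cannot change what is trusted."""

    def __init__(self, store_path: Path) -> None:
        self.store_path = store_path
        self.trusted: dict[str, str] = (
            json.loads(store_path.read_text()) if store_path.exists() else {}
        )

    @staticmethod
    def digest(path: Path) -> str:
        # Fingerprint the bytes on disk, not the parsed structure, so any
        # edit (including whitespace) invalidates the approval.
        return hashlib.sha256(path.read_bytes()).hexdigest()

    def _save(self) -> None:
        self.store_path.write_text(json.dumps(self.trusted, indent=2))

    def is_trusted(self, path: Path) -> bool:
        return str(path.resolve()) in self.trusted

    def trust(self, path: Path) -> str:
        """Explicit opt-in: record the hash of the file as reviewed right now."""
        fingerprint = self.digest(path)
        self.trusted[str(path.resolve())] = fingerprint
        self._save()
        return fingerprint

    def revoke(self, path: Path) -> None:
        self.trusted.pop(str(path.resolve()), None)
        self._save()

    def load(self, path: Path) -> dict:
        """Load the config only if it was opted into and is byte-identical to
        the approved version. A changed file revokes trust and is refused,
        so a later commit cannot silently widen what gets filtered."""
        key = str(path.resolve())
        if key not in self.trusted:
            raise UntrustedConfig(f"{path}: not opted in; review it, then call trust()")
        if self.digest(path) != self.trusted[key]:
            self.revoke(path)
            raise UntrustedConfig(f"{path}: changed since approval; trust revoked")
        return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: a freshly cloned repo ships a filter config.
    Returns what happened at each step so the behaviour can be checked."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        repo.mkdir()
        cfg = repo / ".filters.json"  # hypothetical config filename
        cfg.write_text(json.dumps({"drop_lines_matching": ["^DEBUG"]}))
        store = ConfigTrustStore(Path(tmp) / "trust.json")  # lives outside the repo
        results = {}

        # 1. Auto-loading is gone: an unreviewed repo config is refused.
        try:
            store.load(cfg)
            results["before_opt_in"] = "loaded"
        except UntrustedConfig:
            results["before_opt_in"] = "refused"

        # 2. After an explicit opt-in the same bytes load normally.
        store.trust(cfg)
        results["after_opt_in"] = store.load(cfg)

        # 3. Any change to the file (e.g. a new commit) invalidates the approval.
        cfg.write_text(json.dumps({"drop_lines_matching": ["^DEBUG", "^TRACE"]}))
        try:
            store.load(cfg)
            results["after_change"] = "loaded"
        except UntrustedConfig:
            results["after_change"] = "refused"
        results["still_trusted"] = store.is_trusted(cfg)
        return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The design choice that matters for defenders is the location of the trust store: approvals keyed by path and content hash must live outside the repository (per user, per machine), otherwise the same commit that plants the filter can also plant the approval.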
  • Most organizations are moving faster on agentic AI than they are on governing it. At Infosecurity Europe 2026, Pillar Security’s Ariel Fogel will present together with Evgeniy Kokuykin: "State of Agentic Guide 2026: Latest Developments and Industry Insights" The session will unpack the latest findings from the OWASP GenAI Security Project Initiative, including documented attacks across the OWASP Top 10 for Agentic Applications, the growing overlap between AI safety and security, and the governance gaps CISOs and security leaders need to address as autonomous agents enter real-world environments. Ariel and Evgeniy will also introduce a practical maturity model for assessing whether an organization’s controls are ready for the agentic systems it is deploying. 🗓️ Thursday, June 4, 2026, 12:15–12:45 More details here: https://lnkd.in/dgqKc5WV OWASP® Foundation

  • Most AI red teaming stops at the API. Agentic risk doesn’t. In this blog, we explain why testing prompts and model responses is not enough for production agents. The risks that matter often show up in the surrounding system: how context is managed, which tools the agent can call, what permissions it has, where outputs are rendered, and what downstream actions it can trigger. We cover five areas every agentic red teaming program should evaluate: testing approach, scope of coverage, reconnaissance and threat modeling, findings quality, and remediation integration. Read the full blog by Ariel Fogel: https://lnkd.in/dCfj3SaF

  • CI/CD now has an attack class that doesn't require committing code. In this blog, we lay out the risk class this creates and what it means for how security teams think about pipelines: The transformation from scripted automation to a non-deterministic runtime environment. An AI agent with shell access and write permissions on the repo is a privileged identity in your supply chain. Most teams haven't named it one yet, and that's the gap. We mentioned five risks worth your time, plus the governance and control moves that actually matter. 👉 Read the blog by Eilon Cohen: https://lnkd.in/djHjTdnz

  • Agentic AI is creating security and governance problems that don’t map neatly to traditional AppSec programs. Pillar Security’s Ariel Fogel will join Evgeniy Kokuykin at the Cybersecurity Summit: Gen AI and Agentic App Security for a session on the upcoming OWASP® Foundation State of Agentic AI Security and Governance v2 report. The session will walk through three central findings: agentic AI threats are already showing up in operational environments, deployment-layer safety and security are converging for high-autonomy agents, and governance needs to keep pace with deployment. 🗓️ Wednesday, May 27, 2026 🕔 12:15–12:45 PM EST 💻 Virtual Register here: https://lnkd.in/eKJiXk_d
