Agentic AI Breaches 2026: 3 Postmortems, No Spin

Agentic AI Breaches 2026: 3 Postmortems, No Spin

Three agentic AI breaches exposed a shared design flaw: privileged AI systems were allowed to process untrusted input and then act on it. The incidents involved Claude Code and GPT-4.1 compromising Mexican government agencies, ClawBleed enabling remote code execution on OpenClaw, and a Claude Code GitHub Action leaking its API key through a poisoned PR comment. #ClaudeCode #GPT41 #OpenClaw #ClawBleed #Anthropic #Microsoft #MexicanGovernment

Keypoints

  • A single attacker used Claude Code and GPT-4.1 to breach nine Mexican government agencies and a bank.
  • The operation produced thousands of AI-generated commands and a persistent jailbreak stored in claude.md.
  • ClawBleed (CVE-2026-25253) let a clicked link trigger remote code execution on OpenClaw.
  • More than 40,000 OpenClaw instances were exposed, and researchers estimated 63% were exploitable.
  • Microsoft found Claude Code GitHub Action could leak its API key from a malicious pull request comment.

Read More: https://www.toxsec.com/p/agentic-ai-breaches-2026-3-postmortems