Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Encrypted data has a shelf life, and for many organizations it must remain secret for years. The post-quantum risk is not a dramatic collapse of encryption, but a quieter threat: attackers harvesting encrypted traffic today so they can decrypt it in the future. That is why post-quantum readiness is increasingly a board and CEO-level responsibility, with the CISO leading execution, because quantum risk threatens long-term business stability, compliance expectations, and trust.

AI agents aren’t applications. They’re employees. So why are we treating them like applications? AI agents don’t behave like classic applications. They access systems. They make decisions. They operate continuously. They interact with humans and other systems without being explicitly triggered each time. That’s not automation. That’s not scripts. That’s a digital worker.

Cato CTRL’s Vitaly Simonovich (senior security researcher) has identified a threat actor selling root shell access to a UK-based automation company through a compromised AI personal assistant based on OpenClaw.

On a quiet Tuesday morning, Jerry, a fictional system administrator, logged in as usual. While testing a new integration script, he visited a documentation page on an unfamiliar domain. It looked harmless and loaded without issue, but behind the scenes, Jerry’s laptop began making a series of small outbound requests to several low-reputation domains. None of these connections were malicious enough to be blocked, yet the pattern resembled early-stage domain-flux activity.

Jeremy, the Head of IT, thought it was a normal Monday until his help desk was overwhelmed with login complaints. 37 employees couldn’t log in. Password resets were happening that nobody could explain, and some devices seemed to vanish from the identity directory. The worst part was that the identity logs did not show a clear break-in. There was no obvious malware and no dramatic spike, only routine-looking admin activity.

Cato CTRL has identified a previously undocumented malware loader we track as “Foxveil.” We observed evidence that the malware campaign has been active since August 2025, and we observed two distinct variants (v1 and v2). Foxveil behaves like a modern initial-stage loader: it establishes an initial foothold, frustrates analysis, and retrieves next-stage payloads from threat actor-controlled staging hosted on Cloudflare Pages, Netlify, and, in some cases, Discord attachments.

Agentic AI burst into public consciousness this week with talk of Moltbook – a social network designed for AI agents built on OpenClaw (formerly Clawdbot and Moltbot). The resulting conversations about identity, forming a new religion, social engineering humans, and more between bots have sparked alarms everywhere. For IT leaders, one thing is clear: AI crossed a meaningful threshold.

Dr. Carter finishes a long shift at the hospital, exports a patient X-ray as a regular image file, and drags it into an AI assistant to double-check a diagnosis. The image included the patient’s name and ID. Across town, Jason, a travel agent, scans a stack of passports and uploads the images to an AI tool to automatically fill bookings. In a support center, Sarah snaps a quick photo of a credit card and sends it to an AI service to avoid retyping the number.

Imagine a new city that promises cheap housing and ultra-modern infrastructure. People move in, only to discover that the roads are constantly jammed, power cuts happen every evening, water pressure drops without warning, and there are no cameras or sensors to detect where things are breaking. There is no central control room to test changes safely before the next “improvement” hits the streets. It does not matter how attractive the city looked on paper.