With a digital ID, the actions of automated AI agents could be tracked, verified and audited. Agents that work as digital assistants and coding partners now often have broad permissions, from potentially opening an organization's gate to attackers to being trusted with individual purchases and financial moves. This act by Estonia is the first concrete government proposal of its nature.
While Anthropic has attempted to contain the leak damage with takedown requests, the AI agent's code unsurprisingly spread like wildfire and is now essentially available to anyone willing to look for it. One early development has been promises of the source code as bait via malicious advertisements, but a number of other security and business competition risks loom.
The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits, without users needing to interact in any way or being at all aware that they are being compromised. The attack targets the OpenClaw "gateway" that essentially acts as the AI agent's nerve center.
AI agents will change how SOCs work, but they won’t save a broken data foundation. If your telemetry is siloed, your schemas are inconsistent, or your context is missing, you’ll automate noise, not insight.
Anthropic's calls the incident the "first reported AI-orchestrated cyber espionage campaign" and has attributed it with high confidence to a Chinese state-sponsored group it calls GTG-1002. The campaign took place in mid-September and the integration of AI agents for performance of autonomous tasks is described as unprecedented.





