AI‑specific security stack is taking shape
A flurry of AI‑security moves landed this week: ZeroLeaks.ai launched a platform aimed at agent leaks and data exfiltration, Orca Security unveiled AI‑first cloud defenses with autonomous agents and runtime detection, and NanoClaw rolled out Docker‑based sandboxes for isolated AI agent execution. At the same time, firms are adopting governance standards like ISO 42001 and HITRUST® AI for measurable risk controls.
ZeroLeaks published a V2 product announcement on January 11, 2026 that introduced a redesigned hosted dashboard and an automated red‑teaming pipeline built on a multi‑agent "Tree of Attacks" methodology (zeroleaks.ai). ZeroLeaks followed with a technical whitepaper on January 20, 2026 describing a 0–100 security scoring model, an AgentGuard runtime SDK, and an engine that runs 30 adaptive attack turns across hundreds of probes to surface prompt‑extraction and tool‑abuse paths (zeroleaks.ai). An independent ZeroLeaks audit of the OpenClaw project produced a published score of 2/100, with an 84% extraction rate and 91% prompt‑injection success, in a report circulated on social channels, sparking public debate about the safety models of deployed agents (securemolt.com).

Orca Security rolled out new AI‑first features in a March 16, 2026 product update that adds AI‑powered security agents, runtime detection of AI usage, remediation‑focused workflows and code‑reachability analysis as part of its unified cloud platform (press release). Orca’s go‑to‑market materials cite research that 84% of organizations run AI workloads in the cloud and that 62% of environments contain vulnerable AI packages, data used to justify the runtime discovery and prioritization features in the Orca release (digitalitnews.com).

NanoClaw announced an integration with Docker Sandboxes on March 13, 2026 to run multi‑tenant AI agents inside isolated Docker runtime sandboxes; Docker’s press materials call the effort an enterprise‑grade containment layer for agent execution and describe the collaboration as a formal partnership (Docker press release; venturebeat.com).
At the governance level, ISO/IEC 42001:2023 (published December 2023) remains the certifiable AI management‑system standard organizations reference for lifecycle controls, while HITRUST launched an AI Security Assessment in November 2024 that defines a prescriptive set of AI security controls mapped to implementation testing and certification (ISO listing; HITRUST announcement). The emerging stack now pairs prompt‑extraction red‑teaming and runtime SDKs (ZeroLeaks whitepaper/docs), cloud runtime detection and prioritization (Orca press release/coverage), containerized agent isolation with Docker Sandboxes (NanoClaw + Docker press release), and certifiable governance baselines via ISO 42001 and HITRUST AI (ISO and HITRUST standards/announcements), creating discrete layers organizations can adopt in sequence.