Clickfixed, Zero Trust World, and OpenClaw is out of control – but that’s the point – Rob Allen – ESW #445
Interview Segment - Rob Allen - Clickfix
"Clickfix" attacks aren't new, but they're certainly more common these days. Rob Allen joins us to help us understand what they are, why they work on your employees, and how to stop them! We tie it into infostealers and ransomware actors. Plenty of practical recommendations for how to spot and prevent these attacks in your environment, don't miss it!
This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!
Interview Segment - Rob Allen - Zero Trust World
Threatlocker's 6th annual Zero Trust World event is happening next month! This three day event runs from March 4th through the 6th once again in sunny Orlando, Florida.
This year's event is packed with hands-on hacking workshops, competitions, prizes, and keynotes from Marcus Hutchins, and Linus and Luke from Linus Tech Tips. Security Weekly will be there as well, doing live interviews and recording an episode of ESW live!
This segment is sponsored by ThreatLocker's annual Zero Trust World. Visit https://securityweekly.com/ztw to learn more about the conference and register with discount code ZTW26ESW!
News Segment
For this week's enterprise news, we discuss
- OpenClaw!
- funding!
- acquisitions!
- testing out AI models’ offensive security capabilities
- more openclaw!
- the need for more transparency and testing in the vendor space
- A photobooth service leaks drunken pictures of wedding parties
- The salty snack that helps server uptime
All that and more, on this episode of Enterprise Security Weekly.
Rob Allen, Chief Product Officer of ThreatLocker, is an IT Professional with three decades of experience assisting small and medium enterprises embrace and utilize technology. He has spent the majority of this time working for an Irish-based MSP, which has given him invaluable insights into the challenges faced by businesses today. Rob’s background is technical – first as a system administrator, then as a technician and an engineer. His broad technical knowledge, as well as an innate understanding of customers’ needs, made him a trusted advisor for hundreds of businesses across a wide variety of industries. Rob has been at the coalface, assisting clients in remediating the effects of, and helping them recover from cyber and ransomware attacks.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Most security conferences talk about threats. Zero Trust World lets you attack them. From March 4th to 6th, 2026 in Orlando, Florida, this hands-on cybersecurity event features live hacking labs where you’ll break real environments, think like an adversary, and learn how attacks really work. You’ll also get expert sessions, real-world case studies, CPE credits, and networking with top practitioners. And yes — the Security Weekly team will be there too. Don’t miss it! Register today at securityweekly.com/ZTW.
Adrian Sanabria
- FUNDING/M&A: Courtesy of the Security, Funded newsletter, issue #229 – We Finally Defeated January
VIBE CHECK
How much do you actually care if a security product is using AI vs. not?
- 46% - Only if it's actually better
- 31% - I don't care, just show me it works
- 23% - AI claims make me more suspicious
- 0% - It's a key factor
FUNDING
- Upwind Security, an Israel-based cloud native application protection platform, raised a $250.0M Series B from Bessemer Venture Partners.
- Outtake, a United States-based agentic AI security platform focused on defending against identity-based attacks and phishing, raised a $40.0M Series B from ICONIQ Capital.
- Mesh Security, an Israel-based cybersecurity platform that provides advanced protection and threat detection capabilities, raised a $12.0M Series A from Lobby Capital.
- Rein Security, an Israel-based runtime application security monitoring platform, raised a $8.0M Seed from Glilot Capital Partners.
ACQUISITIONS
- Pynt, an Israel-based dynamic API security testing platform, was acquired by Radware for an undisclosed amount. Pynt had previously raised $6.0M in funding.
- Alert Logic, a United States-based managed security operations center (MSOC) platform, was acquired by LevelBlue for an undisclosed amount. Alert Logic had previously raised $399.9M in funding.
- NEW TOOLS: RedSage: A Cybersecurity Generalist LLM
- ESSAYS: Agentic Models, Part 2
From our very own Katie!
Part 2, from her previous piece on agentic browsers.
- TRENDS: From magic to malware: How OpenClaw’s agent skills become an attack surface
OpenClaw is unhinged and out of control. It has given AI agents their own social media, trading desks, and DATING sites.
It's also pretty risky from a security point-of-view.
We'll spend some extra time talking about what it is, what to look out for and worry about, and how to harden/secure it or detect it and rip it out of your enterprise before it gets you pwned!
Adrian's OpenClaw research notes: https://defendersinitiative.notion.site/OpenClaw-fka-ClawdBot-Moltbot-2fd1e58672bd802fb2b2f047ebc7e140?source=copy_link
- BREACHES: Fintech firm Marquis blames hack at firewall provider SonicWall for its data breach
- REPORTS: Testing AI Agents on Web Security Challenges: What We Learned – Irregular
Different models are tested using offensive security techniques to exploit real vulnerabilities.
- REPORTS: Allianz Risk Barometer
- REPORTS: Global Cybersecurity Outlook 2026
- SQUIRREL: Kuai Kuai 乖乖 snacks and their secret uptime powers
