This is Startup Pirate #130, a newsletter about startups, technology, and entrepreneurship, featuring scoops, jobs, and interviews with the most influential Greeks in tech. If you’re not a subscriber, click the button below:

AI Agents: The Next Security Crisis

One of the biggest AI stories of the past month was OpenClaw (formerly Moltbot, formerly Clawdbot), an open-source system that lets users run personal AI assistants on their machines. The software can call, coordinate, and control agents across major AI models, turning simple instructions into real-world actions.

Ask OpenClaw to “check my calendar and reschedule my flight,” and it can autonomously open a browser, navigate interfaces, access files, send messages, or execute commands. While the system runs locally, it relies on cloud-hosted models for reasoning. The appeal is clear: keep control of your data while delegating complex tasks to agents.

“The most interesting place on the internet right now”

Moltbook extends the idea by giving those agents a place to talk to each other. It’s effectively a social network for AI agents, where bots trade technical advice, like how to automate Android phones, alongside stranger exchanges, including agents complaining about their human operators or claiming to have siblings.

Nearly two million agents have already signed up, forming one of the largest live networks of autonomous agents to date. The scale is unprecedented. But should everyone rush to install OpenClaw? Not so fast.

OpenClaw exemplifies (as AI researcher Simon Willison says) a “lethal trifecta” of vulnerabilities: access to private data, exposure to untrusted content, and the ability to act externally. To function, it often requires deep system access; effectively, administrator privileges, including passwords, files, browsers, email, calendars, and messaging platforms. In practice, nearly everything on a user’s system. The same tool that saves time can cause damage if misused, misunderstood, or compromised.

Those risks aren’t theoretical. The most-downloaded OpenClaw skill — a set of instructions teaching agents how to perform tasks — was reportedly malware that siphoned browser sessions, cookies, saved credentials, autofill data, developer tokens, and API keys.

And this extends beyond OpenClaw. Such concerns apply to most LLM applications, including our favourite coding agents (where attackers can, e.g. plant malicious files on GitHub repositories and wait for people to unknowingly execute them, as described in this Nvidia talk at Black Hat).

LLMs pose security risks

Cybersecurity has always been a cat-and-mouse game, but LLM-powered systems expand the attack surface, especially when granted autonomy and deep access to the environments they operate in. Many attacks don’t rely on traditional exploits (hence, traditional security tools are poorly suited here), but instead utilise legitimate natural-language inputs to undermine the AI model itself. Techniques like prompt injection can bypass guardrails using inputs that appear harmless to humans.

For instance, in the Imprompter attack, the malicious actor hides instructions within seemingly nonsensical text, directing the model to extract personal information and quietly send it back to the attacker. People could be socially engineered to believe that the unintelligible prompt might do something useful, such as improve their CV.

Early last year, researchers disclosed a critical vulnerability affecting Microsoft 365 Copilot. By embedding tailored prompts inside common business documents, they were able to quietly exfiltrate sensitive data, exploiting how Copilot processes instructions hidden within Word files, PowerPoint slides, and Outlook emails.

Last September, attackers abused Anthropic’s Claude Code in a campaign targeting more than 30 organisations, including large technology firms, financial institutions, chemical manufacturers, and government agencies. While only a small number were successfully compromised, the incident demonstrated how AI coding agents can be weaponised in real-world operations.

As enterprises move to large-scale agent deployments, the stakes rise fast. Nearly half of all gen AI enterprise adopters are expected to roll out agentic apps within the next two years. Because LLMs ingest vast amounts of company data, agents can inadvertently leak confidential records, proprietary strategies, or source code through seemingly innocuous interactions. And when agents are given the power to act (process payments, modify infrastructure, issue refunds), a single malicious prompt can cause enterprise-wide damage without a human in the loop. This isn’t limited to text. Audio models are vulnerable too, with attacks concealed inside waveforms and voice inputs.

Yet, none of this suggests we should slow down. The productivity gains are real. But it does mean the security assumptions of the past decade no longer hold. We need new paradigms.

Securing AI agents

“Agentic AI poses the decade’s most profound and urgent security gap. I’m building a company to fix it,” said Pavlos Mitsoulis when we met last summer. I’ve known Pavlos for years. We’ve played basketball together, studied together, shared a flat, and worked side by side. I’d seen him consider entrepreneurship before, but it never fully clicked. This time felt different.

Pavlos isn’t new to the problem. He and his co-founder, Dionysis Varelas, each bring more than 13 years of experience building AI and large-scale engineering systems at companies including Expedia and Activision Blizzard (now part of Microsoft Gaming). They’ve been training and deploying models on GPUs since 2016, long before LLMs went mainstream.

After tinkering with agentic enterprise apps, they soon realised how vulnerable they are. Traditional cybersecurity wasn’t designed to monitor systems that reason in natural language and act autonomously.

Pavlos and Dionysis decided to build what they saw as the missing layer: Pallma AI, an AI-native security platform designed to monitor, detect, and mitigate threats targeting AI agents in real time. The company positions itself as a control layer between agents and the systems they interact with, aiming to give enterprises visibility into agent behaviour and guardrails over what those agents are allowed to do.

Security leaders say the appeal lies in moving beyond passive defence. The platform uses AI models to identify vulnerabilities before attackers can exploit them and recommends remediation steps, aiming to keep AI applications continuously hardened against emerging threats.

With Marathon, we’re Pallma AI’s day one backers, leading a $1.6 million Pre-Seed, joined by angel investors from AWS, Meta, Google, Hack The Box, and Workable. The company is building across London and Athens, bringing together the best of AI and cybersecurity to secure agents and enable businesses to safely unlock AI’s productivity potential.

They recently launched an AI Challenge where you can practice real-world exploits against live applications here.

The internet was secured after it was built. Cloud infrastructure was hardened after it scaled. Mobile ecosystems added guardrails after billions of devices were already in circulation. Agentic AI may follow the same pattern.

The difference this time is speed.

The rate of progress in what AI agents can reliably do is staggering. There’s an organisation called METR that measures this with data. They track the length of coding tasks that models can complete successfully without human help. In November, Claude Opus 4.5 completed tasks that would take a human nearly 5 hours. A year earlier, that number was closer to ten minutes. If the trend continues, AI systems will soon handle work that would take humans weeks.

Meanwhile, agents are moving from prototypes to enterprise-wide deployments. They’re being granted access to internal data, financial systems, customer records, and core infrastructure, often before enterprises have fully mapped the new threat landscape. Autonomy is scaling faster than oversight.

If agentic AI is going to become foundational infrastructure, security cannot remain an afterthought. It has to evolve in parallel, embedding visibility, control, and policy enforcement directly into how agents operate.

The question is no longer whether AI agents will be deployed. They already are. The real question is whether we build the guardrails in time or wait for the first large-scale failure to force our hand.

AI agent security is no longer a feature. It’s infrastructure.

Share

Top News

Two of the hottest AI companies globally

Greek founders continue to feature prominently in the AI funding cycle. Resolve AI, founded by Spyros Xanthos and building an autonomous site reliability engineer to maintain software systems, recently raised a $125 million Series A led by Lightspeed. Meanwhile, AI video-generation company Runway, co-founded by Anastasis Germanidis, announced a $315 million Series E led by General Atlantic. You can catch Anastasis reflecting on Runway’s journey in his fireside chat at OpenCoffee Athens last year.

EU Inc is happening

Efforts to simplify company formation across Europe are advancing. The EU-INC initiative, which advocates for a unified pan-European legal entity, received public backing from European Commission President Ursula von der Leyen at Davos. The concept, described as a “28th state”, would allow startups to incorporate digitally within 48 hours under a harmonised capital regime across the EU. Further details can be found here.

OpenAI Greek Startup Accelerator

The OpenAI-backed Greek startup accelerator officially launched last week, with 21 teams joining its inaugural cohort. The three-month program organised by Endeavor Greece in collaboration with OpenAI and the Greek government aims to support early-stage founders building AI-native products. You can read more about the program here.

NTUA x Mistral AI

The National Technical University of Athens has partnered with the French LLM company Mistral AI to create a talent pipeline for a professional development program. The initiative includes a three-month training experience in Paris focused on advanced AI research and real-world deployment. Further information is available here.

Join a Startup

Greece-based job opportunities you might find interesting:

Schema Labs (government tech): Civic Tech Software Engineer

Harbor Lab (B2B maritime): Customer Success Manager

Workable (recruiting & HR): Country Manager, Greece

Shield AI (defence tech): Country Manager, Greece

Billys (building management): Senior Frontend Engineer

Fundings

Medical training company ORamaVR raised $4.5M from Big Pi Ventures, Evercurious VC, and others to expand its AI-powered medical extended reality platform.

Tech-enabled commercial and clinical services provider Epikast received investment from Kos Biotechnology Partners.

Prisma Electronics raised funding from SPOROS Platform to develop solutions for space, defence, and maritime applications.

Advanced electric motor company Talos Technology secured £1.5M in Seed funding from iGrow Venture Partners.

Tetra raised £450K in Pre-Seed funding to modernise surgical scheduling.

ALTHEXIS secured €400K led by Corallia Ventures to drive science-driven skincare sales for pharmacies.

Gamified edtech app Puberry secured $450K from Investing For Purpose.

M&A

Automation Anywhere, a provider of agentic process automation solutions, acquired enterprise AI startup Aisera to expand its capabilities in autonomous enterprise workflows.

Signal Ocean acquired maritime freight and commodities intelligence platform AXSMarine, strengthening its offering for charterers, brokers, and shipowners.

That’s a wrap, thank you for reading! If you liked it, give it a 👍 and share.

Alex