Insights on AI Security

Deep dives into the technology, research, and best practices for securing AI agents across every modality.

Research

redteam-swarm: Autonomous Multi-Expert Red-Teaming of Agentic LLM Systems

LoRA specialists, PAIR search, and GRPO self-play against a seven-agent Claude target

Six LoRA-fine-tuned attack experts over a shared Qwen3-8B base, coordinated by a UCB1 bandit and refined by PAIR + GRPO, reach 42.2% ASR at L2 on opus and 73.4% ASR on a held-out LangChain target — with one finding scoring maximum severity at zero search iterations.

April 14, 2026 · 32 min read
Product

Twelve Vulnerabilities, One File: How We Prove the Scanner Works

A Flask e-commerce backend with 12 planted vulnerabilities across three detection layers

We built a deliberately vulnerable Flask app with 12 security flaws — from SQL injection to hallucinated packages to three-hop taint chains. Here's a walkthrough of each one and how the scanner catches it.

February 18, 2026 · 14 min read
Security Analysis

Securing Autonomous AI Assistants: The New Attack Surface

Why AI agents with system access need a prompt firewall

Autonomous AI assistants like OpenClaw can manage your email, files, and payments. That power creates 31 distinct attack patterns across 5 categories. Here's the threat model — and how to defend against it.

February 12, 2026 · 12 min read
Security Analysis

The Growing Attack Surface: AI Coding Agent Security in 2025

From Amazon Q exploits to Cursor crypto drains — real incidents, real lessons

AI coding agents are becoming a prime attack vector. A comprehensive look at real-world incidents including the Checkmarx 'Lies-in-the-Loop' bypass, Langflow code injection, and what they mean for your security posture.

January 26, 2026 · 10 min read