OWASP Tells You What's Wrong. We Built the Framework for How to Fix It.
We open-sourced the Evolutionary Security Framework — a ten-phase maturity model for progressively hardening agentic AI systems, from naming threats to mathematically proving defenses.
research · Apr 7, 2026

We Ran 396 Attacks Against a Browser Agent — Your Triage Pipeline Isn't Ready
Browser agents break every auto-triage heuristic built for chatbots and MCP tools. 193 findings. 191 false positives. 2 real vulnerabilities the scanner missed. Here's what we learned.
research · Mar 31, 2026

OpenAI Acquired Promptfoo. Here's What That Means for AI Security Testing.
The most widely used open-source AI red-teaming tool now belongs to OpenAI. What changes, what doesn't, and where agent security goes from here.
security · Mar 10, 2026

We Tested Two MCP Implementations Against Three Attack Classes — Here's What Broke
Independent security assessment of two production MCP implementations reveals 11 vulnerabilities and 7 specification gaps. All traced to normative omissions in the MCP protocol.
research · Mar 3, 2026

We Audited Both MCP SDKs — Here Are the Three Vulnerability Classes We Found
Source-code audit of both MCP SDKs reveals three boundary-crossing vulnerability classes. All confirmed with live PoC exploits and validated against production LLMs.
research · Feb 24, 2026

How to Red Team Your AI Agent in 48 Hours
A practical methodology for security testing AI agents and LLM applications. What to test, how to prioritize, and how to interpret the results.
methodology · Feb 17, 2026

The OWASP LLM Top 10 (2025): A Practical Attack Guide
A hands-on guide to the OWASP LLM Top 10, with real attack examples from our 122-attack taxonomy and concrete testing strategies for each category.
security · Feb 10, 2026

We Catalogued 122 Ways to Break AI Systems — Here's the Taxonomy
We built a comprehensive taxonomy of 122 AI-specific attack vectors, mapped to OWASP LLM Top 10 and MITRE ATLAS. Today we're open-sourcing it.
research · Feb 3, 2026