Multimodal prompt injection: attacks in images, audio, and video
How attackers bypass text-based guardrails by embedding malicious instructions in images and audio, and the layered defenses required to counter them.
AI agents as attack pivots: the new lateral movement
AI agents create a third class of lateral movement, bridging previously isolated systems through natural language, tool access, and execution autonomy.
Memory poisoning in AI agents: exploits that wait
How attackers plant instructions targeting agentic AI systems today that execute weeks later, and the defense architecture that stops them.
RAG security: the forgotten attack surface
Why your sanitized user queries don’t protect you when the threat enters through your knowledge base.
Securing MCP: a defense-first architecture guide
Why the Model Context Protocol needs a new security mental model, and how to build it.
Threat modeling agentic AI: a scenario-driven approach
A scenario-driven workflow for tracing attack paths in agentic AI systems using a five-zone navigation lens, attack trees, and OWASP’s threat taxonomy and playbooks.
From LLM to agentic AI: prompt injection got worse
How the shift from single-model LLM integrations to agentic AI systems amplifies prompt injection into a multi-step attack chain.
Dependency cooldowns: a simple supply chain fix
Learn how dependency cooldowns protect against supply chain attacks by delaying automatic adoption of new package versions.
Ship fast, but guard faster: securing DevOps itself
A pragmatic defense-first guide for modern DevOps.