Advanced Security Research & Insights
Independent security research on AI agent frameworks, OAuth supply-chain vulnerabilities, and defensive strategies for enterprise AI programs and critical infrastructure.
Latest research
Curated research briefs, tooling, and frameworks for AI and application security teams.
Mapping the LLM Threat Surface for Enterprise Security
A systematic framework for assessing and defending against LLM-specific threat vectors across enterprise environments.
OAuth Supply-Chain Security: From the Salesloft/Drift Breach to Zero Trust
Applied research on OAuth supply-chain vulnerabilities, analyzing the UNC6395 campaign that compromised 700+ Salesforce environments via stolen tokens from Salesloft/Drift. Includes GWAPT-aligned penetration testing methodology.
Autonomous Defense: AI Agent Playbooks for Incident Response
Research on how AI agents can execute defensive playbooks, automate ticket resolution, and augment human responders in security operations.
Research by topic
Explore curated research tracks spanning secure AI development, red team methodology, and governance-ready tooling.
LLM Threats
4 curated resources
Model Context Protocol
1 curated resource
Supply Chain
2 curated resources
Automation & Tools
4 curated resources
Latest insights
Strategic viewpoints for CISOs, AI security leads, and product teams.
WhatsApp Family Emergency Scams — 'I Have a New Number'
'Mummy, my phone broke, this is my new number, I need money urgently' — it sounds exactly like your child. The scam hitting Panjabi family WhatsApp groups now, and the one rule that defeats it.
Tech Support Scams Target Our Elders — What Every Panjabi Family Needs to Know
A caller claims to be Microsoft Support; your parent grants remote access and their bank account is drained. How tech-support scams work — and the single rule that defeats every one.
Megalodon — What 5,718 Backdoored GitHub Repositories Reveal About CI/CD as Attack Surface
On 18 May 2026, Megalodon pushed 5,718 malicious commits to 5,561 GitHub repos in six hours, abusing GitHub Actions to steal cloud credentials, OIDC tokens, and secrets. No exploit — just trust in CI.