Advanced Security Research & Insights
Independent security research on AI agent frameworks, OAuth supply-chain vulnerabilities, and defensive strategies for enterprise AI programs and critical infrastructure.
Latest research
Curated research briefs, tooling, and frameworks for AI and application security teams.
Mapping the LLM Threat Surface for Enterprise Security
A systematic framework for assessing and defending against LLM-specific threat vectors across enterprise environments.
OAuth Supply-Chain Security: From the Salesloft/Drift Breach to Zero Trust
Applied research on OAuth supply-chain vulnerabilities, analyzing the UNC6395 campaign that compromised 700+ Salesforce environments via stolen tokens from Salesloft/Drift. Includes GWAPT-aligned penetration testing methodology.
MCP Sentinel Scanner: Seven-Layer Detection Pipeline for AI Agent Security
An open-source security analysis tool applying a seven-layer detection pipeline to identify vulnerabilities in AI agent-to-agent communication frameworks, addressing an emerging and rapidly evolving attack surface.
Research by topic
Explore curated research tracks spanning secure AI development, red team methodology, and governance-ready tooling.
LLM Threats: 4 curated resources
Model Context Protocol: 3 curated resources
Supply Chain: 4 curated resources
Automation & Tools: 4 curated resources
Latest insights
Strategic viewpoints for CISOs, AI security leads, and product teams.
Why I'm Translating OWASP's Security Standard Into Panjabi — And Why It Matters
The OWASP Application Security Verification Standard reaches 130+ million Panjabi speakers for the first time, through a bilingual translation that keeps technical precision intact while making security accessible in Gurmukhi script. Includes the complete security terminology glossary.
Master Keys & Shadow Trust: The $1B OAuth Supply-Chain Heist
Analysis of the UNC6395 campaign that weaponized OAuth tokens from Salesloft/Drift to access 700+ Salesforce environments, bypassing MFA entirely. A forensic deconstruction with GWAPT-aligned penetration testing methodology.
Enhancing GitHub Security Scanning: Integrating AI Threat Taxonomies Into Your DevSecOps Pipeline
How the Arcanum Prompt Injection Taxonomy, AI code anti-patterns, and automated scanning tools can harden your repositories against the emerging wave of AI-driven vulnerabilities.