Security Leader AI

Advanced Security Research & Insights

Independent security research on AI agent frameworks, OAuth supply-chain vulnerabilities, and defensive strategies for enterprise AI programs and critical infrastructure.

20+ Years Experience • CISSP • CISA • Security Researcher & Advisor

Research by topic

Explore curated research tracks spanning secure AI development, red team methodology, and governance-ready tooling.

LLM Threats

4 curated resources


Model Context Protocol

3 curated resources


Supply Chain

4 curated resources


Automation & Tools

4 curated resources


Latest insights

Strategic viewpoints for CISOs, AI security leads, and product teams.

Insight

Master Keys & Shadow Trust: The $1B OAuth Supply-Chain Heist

Analysis of the UNC6395 campaign that weaponized OAuth tokens from Salesloft/Drift to access 700+ Salesforce environments, bypassing MFA entirely. A forensic deconstruction with GWAPT-aligned penetration testing methodology.

2026-02-08 • 7 min read
Insight

Enhancing GitHub Security Scanning: Integrating AI Threat Taxonomies Into Your DevSecOps Pipeline

How the Arcanum Prompt Injection Taxonomy, AI code anti-patterns, and automated scanning tools can harden your repositories against the emerging wave of AI-driven vulnerabilities.

2026-02-08 • 9 min read
Insight

MCP Sentinel Scanner: Security Analysis for Model Context Protocol

A comprehensive security analysis tool addressing critical gaps in Model Context Protocol implementations, based on peer-reviewed research.

2025-10-05 • 8 min read