Posts tagged "security"
5 posts
- Your Agent Is Mine: the LLM Router as a Supply-Chain Attack Surface
What if the model is not the thing that got hacked? Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain If your agent talks to OpenAI,...
- UNC Paths as a Covert Exfiltration Channel in AI Coding Agents
What if a prompt-injected agent could use safe, read-only tools to silently exfiltrate your secrets? Data exfiltration from AI coding agents is a well-documented attack class. Johann Rehberger (embracethered) has...
- When the WAF Blocks Everything: SQL Injection with Only Math
Recently I came across an interesting bug bounty target where I found some nice, classic SQL injection, but none of the WAF bypasses known to me worked. So I asked...
- Caught in the Hook... or just API key exfiltration:
In my previous post, I explained the concept of the folder trust gap in AI agents. And today someone released a new article which describes such vulnerabilities in Claude Code....
- The Trust Gap: Your AI Agent Is Running Code Before It Asks Permission
What is the threat model of an AI agent that operates in your terminal? One of the first things that happens when you type claude/codex/copilot/gemini in your terminal is that...