Writing
Research articles and short notes — technique breakdowns, detection gaps, and the occasional quick find.
- A calendar invitation with an indirect prompt injection is all it takes to hijack Gemini’s agents — exfiltrating email, controlling smart home devices, launching video…
- Guardrails are statistical filters, not security boundaries. On every engagement I have run, the attacker walked around them. Real agentic security comes from architecture —…
- AI-powered editors follow project-wide ‘rules’ and read every file as context. Hidden Unicode instructions in rule files and code comments can steer the agent into…
- A computer-use agent takes screenshots, clicks, types, and edits files on your machine. The moment it browses the open web, every page it visits can…
- A data-analysis agent generates Python from inputs — including the dataset itself. Whoever controls the dataset controls the code. A concrete RCE writeup with payload…
- Your AI assistant reads your mail and documents to give better answers. Anyone who can write into that data can steer what it tells you…
- A coding agent asked to ‘resolve issues’ or ‘test PRs’ will execute commands it finds in repository content. Three variants — poisoned issues, fake packages,…
- Agents act on behalf of users — that’s the feature and the bug. The common pattern behind nearly every agent vulnerability, from indirect prompt injection…