Security research for the age of AI agents. Data-driven, technically deep, open source.
16 Articles

The EU is discussing postponing the high-risk deadline from August 2026 to December 2027. What already applies, what changes, and why waiting is not a strategy.
Anthropic's leaked Conway project reveals an always-on persistent AI agent with webhooks, browser control, and custom extensions. The attack surface just expanded by an order of magnitude.
512,000 lines of Claude Code leaked via npm. Two CVEs followed within days. Fake repos spread malware. What every AI team needs to know about securing their agent infrastructure.
We scanned every server in the official MCP Registry for security vulnerabilities. 850 flagged, 0 malicious patterns, and an independent validation of academic research at 6x scale.
The largest EU AI Act compliance study of MCP servers ever conducted. 11,529 servers scanned, 850 flagged. 7.4% non-compliance rate. 134 days until the deadline.
A complete mapping of ClawGuard Shield's 225 security patterns to the OWASP MCP Top 10 standard. The only scanner covering all 10 categories plus EU AI Act compliance.
We scraped the entire MCP registry (11,529 entries), resolved 4,113 unique servers, and ran static pattern analysis. 65 servers flagged across 81 findings.
After filing 32 security advisories to MCP server maintainers, we identified 4 recurring pushback patterns. Here's why MCP security requires a shared responsibility model.
Cisco launched DefenseClaw at RSA 2026. Here's how the two open-source MCP security scanners compare on latency, EU AI Act compliance, and architecture.
Attackers bypass AI security scanners using leetspeak, Unicode tricks, Base64, and cross-language mixing. We built 12 preprocessors to catch them all.
MCP security isn't theoretical. These 6 real-world incidents show what happens when AI agents interact with untrusted tools without runtime protection.
A technical comparison of 9 MCP security scanners. Architecture, detection approach, latency, language support, and EU AI Act coverage side by side.
We analyzed 1,899 MCP servers from the Queen's University study. 7.2% had at least one security vulnerability. Tool poisoning, credential exposure, and prompt injection are the top threats.
A complete catalog of 42 prompt injection attack patterns across 5 categories. From basic role hijacking to advanced data exfiltration. Every pattern detectable in under 6ms.
LLM-based prompt injection detection is slow, expensive, and vulnerable to the same attacks it tries to detect. Here's why deterministic regex patterns are the better first line of defense.
We built an open-source prompt injection scanner and attacked it with 18 real-world payloads. From 33% to 83% detection in a single afternoon, with zero false positives.