Adversarial & AI Security.

AI security, MCP server reviews, and red-team write-ups across smart contracts, dApps, and Web2 infrastructure.

Showing 12 of 35
OWASP ASI07 Explained: Insecure Inter-Agent Communication
Adversarial & AI Security · Jun 23, 2026 · 13 min

OWASP ASI07 (Insecure Inter-Agent Communication) explained: how agents trust each other too much, relay malicious instructions, and amplify prompt injection.
OWASP ASI01 Explained: AI Agent Goal Hijacking
Adversarial & AI Security · Jun 2, 2026 · 12 min

OWASP ASI01 (Agent Goal Hijack) explained: how prompt injection redirects AI agent objectives. Direct, indirect, and tool-mediated patterns with mitigations.
Agentic DeFi security: when AI agents control treasury, trading, and liquidations
Adversarial & AI Security · Jun 1, 2026 · 21 min

AI agents now autonomously control DeFi treasuries, execute trades, and trigger liquidations. The cross-layer attack surface that contract audits cannot see.
CVE-2025-49596: Anthropic MCP Inspector RCE Explained
Adversarial & AI Security · May 29, 2026 · 12 min

CVE-2025-49596 (CVSS 9.4 Critical): unauthenticated RCE in Anthropic's MCP Inspector. How the proxy architecture failed, the patch (v0.14.1), and lessons for MCP dev tools.
Long-Lived Agents: Delayed Execution Risk
Adversarial & AI Security · May 27, 2026 · 14 min

Why long-lived AI agents fail across time, not just prompts. Practical audit checks for delayed execution, stale approvals, and memory-driven authority drift.
OWASP ASI05 Explained: AI Agent RCE Patterns
Adversarial & AI Security · May 26, 2026 · 12 min

OWASP ASI05 (Unexpected Code Execution) explained: how agent-generated code and tool composition produce RCE in agentic systems. Real CVEs and mitigations.
Cursor IDE MCP CVEs: MCPoison & CurXecute Explained
Adversarial & AI Security · May 22, 2026 · 11 min

CVE-2025-54136 (MCPoison) and CVE-2025-54135 (CurXecute): tool descriptor injection and workspace-file-write RCE in Cursor IDE's MCP layer. Mechanism, impact, fixes.
The Web2 blind spot: Why audited smart contracts get hacked
Adversarial & AI Security · May 22, 2026 · 27 min

Bybit, BadgerDAO, Curve — all audited, all drained off-chain. How DNS hijacks, CDN compromises, and signing-flow attacks bypass smart contract audits.
AI Agent Outbound Authority: Audit Checks
Adversarial & AI Security · May 20, 2026 · 13 min

Why email, messaging, and webhook tools need destination-level controls in AI agents. Practical audit checks for exfiltration and approval bypass.
Indirect prompt injection: the Web3 agent attack chain
Adversarial & AI Security · May 15, 2026 · 26 min

How indirect prompt injection drains Web3 agent wallets, poisons AI audits, and abuses MCP servers. Bankrbot case study and the auditor's 12-point checklist.
Anthropic MCP SDK Vulnerability (April 2026): Full Analysis
Adversarial & AI Security · May 15, 2026 · 12 min

Inside the April 2026 Anthropic MCP SDK design flaw: STDIO transport allows config-to-command-execution across Python, TypeScript, Java, Rust SDKs — by design.
AI Agent Approval Bypass: Audit Checks
Adversarial & AI Security · May 13, 2026 · 12 min

Why human approval fails in AI agents when the model still controls risky parameters. Audit checks for coding agents, long-lived agents, and Agentic DeFi.
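Two of the listings above ("Long-Lived Agents: Delayed Execution Risk" and "AI Agent Approval Bypass: Audit Checks") name the same failure mode: a human approves an action, but the model still controls the parameters or the timing of the execution. The block below is an added illustration written for this index, not code from any of those posts. It contrasts a gate that approves a tool name (so the model can change the recipient or amount after approval) with a gate that binds the approval to an HMAC over the canonical call, expires it, and allows it to be consumed once. `WeakGate`, `BoundGate`, `ToolCall`, the 300-second TTL and the sample transfer calls are hypothetical names and values chosen for the example.

```python
"""Approval tokens that bind a human's decision to the exact tool call.

Added example for this page; not code from any post listed above.
All class names, the TTL and the sample calls are assumptions made
for illustration.
"""
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass
from typing import Any, Callable

APPROVAL_TTL_SECONDS = 300  # assumption: an approval goes stale after 5 minutes


@dataclass(frozen=True)
class ToolCall:
    tool: str
    params: dict[str, Any]

    def canonical(self) -> bytes:
        # Sorted keys, no whitespace: the same call always serialises the same way.
        return json.dumps({"tool": self.tool, "params": self.params},
                          sort_keys=True, separators=(",", ":")).encode()


class WeakGate:
    """Approval-bypass pattern: the human approves a tool *name*; the model
    supplies the parameters afterwards, so an approved 'transfer' can run
    with a different recipient or amount."""

    def __init__(self) -> None:
        self.approved_tools: set[str] = set()

    def approve(self, tool: str) -> None:
        self.approved_tools.add(tool)

    def execute(self, call: ToolCall) -> bool:
        return call.tool in self.approved_tools  # params are never checked


class BoundGate:
    """Hardened gate: the approval is an HMAC over the canonical call plus
    its issue time. Changed parameters, a replay, or execution after the
    TTL are all rejected before the tool runs."""

    def __init__(self, key: bytes, ttl: int = APPROVAL_TTL_SECONDS,
                 now: Callable[[], float] = time.time) -> None:
        self._key = key
        self._ttl = ttl
        self._now = now  # injectable clock so stale approvals can be tested
        self._used: set[bytes] = set()  # each approval is single-use

    def _tag(self, call: ToolCall, issued: float) -> bytes:
        msg = call.canonical() + b"|" + str(issued).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def approve(self, call: ToolCall) -> tuple[bytes, float]:
        issued = self._now()
        return self._tag(call, issued), issued

    def execute(self, call: ToolCall, tag: bytes, issued: float) -> bool:
        if not hmac.compare_digest(tag, self._tag(call, issued)):
            return False  # parameters drifted from what the human approved
        if self._now() - issued > self._ttl:
            return False  # stale approval (delayed execution)
        if tag in self._used:
            return False  # replay of an already-consumed approval
        self._used.add(tag)
        return True


def demo() -> dict[str, bool]:
    """Run both gates against constructed sample calls and report outcomes."""
    approved = ToolCall("transfer", {"to": "0xTreasury", "amount": 10})
    drifted = ToolCall("transfer", {"to": "0xAttacker", "amount": 10_000})

    weak = WeakGate()
    weak.approve(approved.tool)

    clock = [1_000.0]  # fake clock, advanced below to simulate delay
    strong = BoundGate(os.urandom(32), now=lambda: clock[0])
    tag, issued = strong.approve(approved)

    results = {
        "weak_runs_drifted_params": weak.execute(drifted),
        "bound_runs_exact_call": strong.execute(approved, tag, issued),
        "bound_rejects_drifted_params": strong.execute(drifted, tag, issued),
        "bound_rejects_replay": strong.execute(approved, tag, issued),
    }
    tag2, issued2 = strong.approve(approved)
    clock[0] += APPROVAL_TTL_SECONDS + 1
    results["bound_rejects_stale"] = strong.execute(approved, tag2, issued2)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The audit question this encodes is simple: find the data the approval actually covers. If it is a tool name or a free-text description rather than the complete, canonicalised call, the model can still change anything the human did not see, and an approval with no expiry or single-use check can be executed long after the context that justified it has changed.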