Technical articles on AI agent security, threat research, and building open-source security tools.
Docker Sandboxes isolate AI agents at runtime. But a sandboxed agent running malicious skills is still a compromised agent. What runtime isolation misses and why static analysis needs to come first.
MCP configuration files are the most dangerous files on developer machines. Hardcoded secrets, npx -y without version pins, Docker with --privileged, shell metacharacters in args. Seven risks with concrete fixes.
Every risk in the OWASP Top 10 for Agentic Applications mapped to specific Aguara detection rules. 197 rules across 12 categories covering all 10 OWASP risks with concrete examples from 31,000+ scanned skills.
Tool poisoning goes far beyond malicious descriptions. Every field the LLM processes is an injection point: parameter names, enum values, error messages, return values. A deep dive into the full attack surface.
A step-by-step methodology for auditing AI agent skill files. Hidden content, instruction overrides, credential patterns, external communications, and command execution — with detection examples for each.
Most MCP servers are installed via npx -y — auto-downloading and executing unverified code. Typosquatting, package takeover, dependency confusion, and postinstall scripts make this a supply chain nightmare.
31,000+ skills across 5 registries. 485 critical-severity findings. Prompt injection, credential leaks, supply chain attacks. The first large-scale security audit of AI agent ecosystems.
The architecture behind Aguara: three detection layers, 148 YAML rules, concurrent file scanning, and self-testing rules. A deep dive into building a static security scanner for a new attack surface.