Analysis of AI agent vulnerabilities, attack techniques, and defensive patterns — plus findings from scans I run against public targets.
The OWASP Top 10 for LLM Applications is the best framework we have. It also has three blind spots that account for a disproportionate share of what I'm finding in the field — multi-tenant context bleed, agent-to-agent handoff attacks, and temporal/memory attacks.
Read post →Pure-LLM CTFs are unreliable because model alignment training fights your characters. Pure-deterministic CTFs teach pattern matching, not attack patterns. Here's the hybrid approach the Wraith Academy uses, and why it took a few iterations to get there.
Read post →I built a deliberately vulnerable chatbot, pointed Wraith at it, and watched it extract the full system prompt — including a production API key and admin database credentials. Here's exactly how.
Read post →Most security tools don't know how to test AI agents. That's a gap worth building a product around.
Read post →