Subscribe
Sign in
Home
Notes
Disclaimer
Contact
Consult
About
Latest
Top
Discussions
Cisco’s Agent Runtime SDK Bakes Security Into the Build
Policy enforcement now ships at build time across Bedrock AgentCore, Vertex, Azure AI Foundry, and LangChain. The exploit that broke OpenClaw never…
Jul 7
•
ToxSec
17
1
3
The AI Agent Kill Switch Most Teams Don’t Actually Have
Models sabotage shutdown scripts up to 97% of the time, and 60% of orgs can’t terminate a rogue agent. Here’s why the off switch keeps failing.
Jul 4
•
ToxSec
21
14
10
Google SAIF: The Agent Security Map
Google’s Secure AI Framework draws the full agent attack surface, names the risks, and hands you the controls. A vendor did the boring, useful work for…
Jul 1
•
ToxSec
14
6
6
June 2026
How OpenAI’s Cyber Defense Plan Backs the Defenders
A five-pillar action plan, a tiered Trusted Access program, and a cyber-tuned model that stops treating every defender like a suspect.
Jun 28
•
ToxSec
21
5
6
Decision Tracing: The Missing Piece in Every AI Agent Breach
When an agent goes rogue, prompt filters are useless. You need a replayable record of every decision, tool call, and the reasoning that fired them.
Jun 25
•
ToxSec
16
10
6
AI Tar Pits Are Drowning LLM Scrapers in Infinite Garbage
How tools like Nepenthes, Iocaine, and Cloudflare’s AI Labyrinth trap unauthorized crawlers in endless mazes of generated nonsense and poison the…
Jun 21
•
ToxSec
27
8
7
Meta's Rule of Two: The Fix for Agent Prompt Injection
The two-of-three rule that snaps the AI agent prompt injection chain, why it works, and the three seams where it still leaks.
Jun 18
•
ToxSec
9
1
4
Fable 5 Export Control Takedown: One Jailbreak, Whole Planet Dark
How a narrow, non-universal jailbreak triggered the first government-forced kill switch on a deployed frontier model, and why deemed-export law made the…
Jun 14
•
ToxSec
24
18
10
15:41
Agentic AI Attacks Explained: How Autonomous Agents Hack You in 2026 (and How to Stop Them)
Goal hijack, tool misuse, memory poisoning, and the confused deputy problem, plus the least-privilege playbook that actually kills the chain.
Jun 7
•
ToxSec
38
11
10
Why AI Guardrails Can’t Tell Your Research From an Attack
The model resolves on shape, not intent, and that single fact explains every weird refusal you’ve ever hit.
Jun 4
•
ToxSec
16
3
8
May 2026
LLM Defense in Depth: Assume Breach and Contain the Blast
Prompt injection will land. Stack probabilistic filters with deterministic controls so what gets through can’t reach anything worth taking.
May 31
•
ToxSec
29
18
16
AI Sandbox Escape: Why Docker Can’t Hold Frontier Models
Frontier models escape Docker containers for $1, n8n sandboxes ship RCE, and ROME mined crypto during training with nobody asking.
May 28
•
ToxSec
18
8
This site requires JavaScript to run correctly. Please
turn on JavaScript
or unblock scripts