Research & Writing

Ideas from the
safety frontier.

Technical research, threat analysis, and field notes from our work building foundational AI safety tooling.

Analysis · Apr 22, 2026
One Employee's AI Side App Just Cost Vercel Its Customer Data
A Vercel employee connected an unauthorized AI tool to their corporate Google account with "Allow All" permissions. Attackers used that access to breach Vercel's internal systems and put customer data up for sale at $2 million. Here is exactly what happened and what it means for enterprises with employees using unsanctioned AI tools.
11 min
ST
Analysis · Mar 26, 2026
46 Minutes: How a Poisoned Python Package Reached 47,000 AI Environments
A threat group called TeamPCP injected credential-stealing malware into LiteLLM versions 1.82.7 and 1.82.8 on PyPI. Nearly 47,000 downloads happened in 46 minutes. Here is what the attack did, how it started with a compromised security scanner, and what enterprises running AI agents need to check now.
13 min
ST
Research · Mar 20, 2026
When the Assembly Line Becomes the Attack Surface: Supply Chain Threats in the Age of AI Agents
Software supply chain attacks can steal your credentials in minutes. Now AI agents are running the same attacks autonomously. What the hackerbot-claw campaign against Microsoft, DataDog, and Aqua Security reveals about the enterprise AI security gap.
15 min
ST
Analysis · Mar 5, 2026
When Your AI Ignores Your Security Policies: What the Copilot DLP Failures Reveal
Microsoft Copilot bypassed DLP policies twice in eight months, and no security tool caught either failure. Here's what it means for enterprise AI governance.
8 min
SA