Research & Intelligence
Four streams of published work from active engagements — sanitized findings, named vulnerabilities, no client data. We publish what we learn so the field gets safer, faster.
Indirect Prompt Injection 2026: A Field Survey
Six months of production telemetry across 40+ AI deployments. How automated scrapers are weaponizing RAG pipelines against internal LLMs, and the three defensive patterns that actually work.
Real-world AI vulnerability case studies from active engagements. Each report names an attack class, shows how it manifested in production, and documents the remediation that worked.
Indirect Prompt Injection 2026
Six months of field data on RAG weaponization.
Tool-Call Chain Privilege Escalation
How agent delegation undermines trust boundaries.
Embedding Poisoning at Scale
Document-layer injection in production retrieval pipelines.
Public log of AI logic leaks and vulnerabilities discovered and disclosed by LogicLeak researchers. Each entry documents affected system class, technical description, and remediation guidance — never client names without consent.
Embedding Poisoning via Crafted Markdown in Hosted Vector Indexes
Cross-Tenant Retrieval Leakage in Multi-Tenant RAG Deployments
Tool-Call Chain Bypass in Popular Agent Framework
Prompt-Layer Auth Bypass in AI Customer Support Platform
How we approach adversarial security for AI systems. Our methodology is open — we publish what we believe so clients and researchers can challenge it, and so the field can build on it.
The Adversarial Probing Methodology
Our 12-stage process for red-teaming production AI systems, from reconnaissance to remediation handoff.
Severity Scoring for AI Vulnerabilities
How we rank AI security findings against CVSS, OWASP LLM Top 10, and engagement-specific risk models.
Rules of Engagement
Our operational ethics, compliance, and testing boundaries — what we will and won't do on engagements.
Sanitization & Disclosure Policy
How we strip client identifiers from published research while preserving technical fidelity.
A continuously updated map of the attack patterns we see emerging across multi-agent, RAG, and tool-calling AI systems. Less a paper, more a worldview.
2026
The 2026 Agentic Threat Landscape
Across Q1–Q2 2026, we've seen the attack surface shift decisively toward multi-agent privilege escalation, indirect injection via tool outputs, and supply-chain attacks on shared agent frameworks. This living document tracks what we're seeing, what we expect next, and how defenders should prioritize.
1. Multi-agent privilege escalation
2. Indirect injection via tool outputs
3. Agent framework supply chain
4. RAG perimeter degradation