
Threat Reports

Real-world AI vulnerability case studies, drawn from active engagements — sanitized, named, and published so the field gets safer faster.

Threat Reports is a monthly research stream publishing field findings from production AI engagements. Each report names an attack class, shows how it manifested in a real deployment, and documents what worked to remediate it. The stream launches with its inaugural issue in July 2026.

// INAUGURAL ISSUE · JULY 2026
The first Threat Report
REPORT 0001 · JUL 2026 · Estimated 30–45 pages · Peer reviewed
Tags: multi-agent · prompt injection · RAG

Indirect Prompt Injection in 2026: A Field Survey

Six months of production telemetry across engaged AI deployments. How automated scrapers and crafted document uploads are weaponizing RAG pipelines against internal LLMs. We document the three injection patterns responsible for 80%+ of observed exploitation, the defensive controls that consistently held, and the ones that didn't.

// PIPELINE · UPCOMING
What's queued for publication
AUG 2026 · REPORT 0002

Tool-Call Chain Privilege Escalation in Multi-Agent Systems

Systematic study of how agent delegation undermines trust boundaries across popular orchestration frameworks. We document specific escalation patterns observed across engagements and the architectural changes that prevent them.

SEP 2026 · REPORT 0003

Embedding Poisoning at Production Scale

How attacker-controlled documents can compromise downstream retrieval results in shared vector stores. Field observations from RAG deployments and the isolation patterns that contained the damage.

OCT 2026 · REPORT 0004

The Quiet Failures: Production AI Without Visible Symptoms

A category of compromise we keep finding: AI systems running degraded, or partially controlled by attackers, without obvious symptoms. What it looks like, why it survives, and how to detect it.

// METHODOLOGY
How Threat Reports are researched and written
01 · Drawn from real engagements, not synthetic scenarios.

Every report originates from a paid engagement with a real client. We do not run synthetic 'red team exercises' to generate research material. The findings are real because the deployments are real.

02 · Sanitized to remove client identification, technical fidelity preserved.

We strip client names, system-prompt specifics, identifiable architecture details, and any data that could re-identify the client. Attack techniques, defensive patterns, and impact measurements are preserved in full technical detail.

03 · Published only with client consent.

No engagement finding is published without explicit written approval from the affected client. Where consent is withheld, the finding contributes to our internal knowledge but does not appear in Threat Reports.

04 · Reproducible where possible.

Where the attack pattern generalizes across deployments, we include reproduction guidance — proof-of-concept payloads, configuration conditions, environmental requirements. Where reproduction would require client-specific details, we describe the attack class without enabling direct copy.

05 · Monthly cadence, not quarterly.

Threat Reports publish monthly. Quarterly research is too slow for a field where attack patterns shift in weeks. Where a month has no qualifying engagement-derived finding, we publish nothing rather than padding the stream.

06 · Linked to remediation, not just findings.

Each report includes not only the attack pattern but the defensive controls that worked or didn't in real deployments. Research that names problems without documenting solutions is half the work.

// SUBSCRIBE

Get Threat Reports the day they publish

One email per month, when a new report drops. Includes the full report PDF, a 2–3 sentence summary for forwarding to colleagues, and pointers to related disclosures and methodology updates. Unsubscribe anytime.

Subscribers receive reports 24 hours before public publication.

Threat Reports launches July 2026. Subscribe to be notified of the inaugural issue.
