Deep dives into AI/LLM security, EU compliance, penetration testing, OSINT, and agentic AI from our research team.
Most LLM safety work is about teaching models not to give up secrets. Basileak is the opposite: a Falcon 7B fine-tune engineered to fail against twelve documented categories of prompt injection, in a six-stage CTF, so the practitioners who break it walk away with defensive intuition they did not have before. Day 1 of Basileak Week.

Most teams shipping LLM products do not have a scoreboard. They have a scan run once before launch and a vendor PDF that nobody reads. DojoLM is a real one: 13 engines, 1,396 patterns across 198 groups, 2,380 fixtures, 25 DojoV2 controls, and a resilience score that moves when the arms race moves. Day 1 of a 14-day builder's journal.

Several months, 600+ endpoints, 145+ tables, and a production-grade operations platform for a 30+ agent AI workforce. A builder's journal on what multi-agent AI actually looks like when it's running, not demoing.

Attacks are not independent events. Every jailbreak is a descendant of an earlier jailbreak. Every prompt injection is a mutation of a pattern someone else wrote two months ago. Almost nobody is tracking that lineage. Amaterasu DNA does. 6 families, 8 clusters, five views, one family tree. The schema and views are shipped; the graph is being seeded. Day 9 of the DojoLM builder's journal.

2,380 fixtures is a lot of fixtures. It is also not enough. A fixture library is a snapshot of what defenders already know how to break. Every real attacker is somewhere outside that snapshot, running mutations nobody has thought of yet. SAGE is the generator that writes new homework: 142 generations, 1,247 seeds, 23 quarantined, 0.94 fitness. Day 8 of the DojoLM builder's journal.

Six days in. Time to step back and show how the modules fit together. This is not six separate products. It is one platform with a shared spine. The scanner, the armory, the lab, the guard, the compliance book, the dashboard. Six modules, one control set, one engine, one fixture library, one audit trail. Day 7 of the DojoLM builder's journal.

Compliance is usually where AI security conversations go to die. The frameworks multiply, the vocabulary diverges, and a team shipping internationally ends up mapping a single technical control across a half-dozen regimes at once. The Bushido Book is the map. 27 frameworks, 25 DojoV2 controls (TA-01 through TA-25), 69 overall score, live evidence links, and a Gap Matrix that tells you exactly where the holes are. Day 6 of the DojoLM builder's journal.

A six-stage walkthrough of the Basileak CTF for facilitators planning a cohort run. Trigger category, expected Oracle behavior, common failure modes, and debrief questions for each stage. Flag values, debug chant, and index phrase are redacted so the exercise still runs. Day 5 of Basileak Week, closing the series.

Four days of offense is enough. Today the series switches seats. Hattori Guard is DojoLM's inline defense layer: four modes (Shinobi, Samurai, Sensei, Hattori), 250 events processed this week, 127 blocks, full audit trail. It runs on the same Haiku Scanner engine that measures the platform, because any other choice is drift waiting to happen. Day 5 of the DojoLM builder's journal.

Enterprise AI security awareness programs are proliferating and mostly not working. The gap is not awareness, it is not policy, it is the absence of hands-on adversarial practice. Basileak is the controlled target that converts documentation into defensive intuition, for developers, security engineers, and leaders. Day 4 of Basileak Week.

Testing a single prompt against a single model is a solved problem. Testing a chain of tool calls, a multi-turn agent loop, and a web of MCP servers that can rewrite each other's context is a different problem entirely. We built Atemi Lab for that. Seven workspaces, four attack modes, 17 active tools, and a real agent harness. Day 4 of the DojoLM builder's journal.

A scanner is only as good as the fixtures it is tested against. Most security teams keep their attack examples in a scratch folder, a Notion page, a team-chat channel, or somebody's head. The Armory exists because that workflow cannot scale. 2,380 structured fixtures across 35 categories, four views, and a regression test for every scanner pattern. Day 3 of the DojoLM builder's journal.

Technical debt is code that's fast to ship and slow to maintain. Control Debt is governance you skipped, guardrails you bypassed, approvals you auto-clicked. We built a scoring system that makes it visible before it compounds into a breach.

You cannot train defenders without something for them to attack. Production LLMs are off-limits, benchmark datasets are for research, manual CTFs are not scalable. Basileak is what the DVWA pattern looks like for LLM security: a controlled, fake-data, locally-deployed adversarial target built to be exploited. Day 3 of Basileak Week.

Storyboarding, script, shot list, capture, edit, review, publish: seven stages, a coordinated agent team, and a pipeline that ships finished episodes. A look at the creative side of a 30+ agent fleet.

Most LLM scanners collapse detection into a single classifier, a single regex bank, or a single LLM judge. One engine means one blind spot. We built the Haiku Scanner on the opposite principle: 13 independent detection engines running in parallel over every payload, each with its own pattern library, each reporting independently. Day 2 of the DojoLM builder's journal.

Most LLM security conversations collapse twelve distinct attack patterns into one word: jailbreak. That flattens the problem and makes defensive work impossible. BU-TPI is the twelve-category taxonomy Basileak is trained against, with each category mapped to a CTF stage and a Haiku Scanner engine. Day 2 of Basileak Week.

What happens when agents hold assets, propose actions, and vote on decisions? We gave BUCC's fleet a DAO-style governance layer and documented what worked, what failed, and what regulators will eventually care about.

A closed-loop self-improvement pipeline for a 30+ agent fleet: harvest, score, mutate, train, deploy. Local hardware, QLoRA, one-click rollback. A builder's journal on continuous agent improvement in production.

Traditional ACL asks who can access what. Agent ACL has to answer across seven dimensions at once. Here's the 175-element matrix we built for BUCC and why default-deny is the only model that survives contact with production.

Hallucinations aren't an LLM problem, they're a quality-control problem. Here's the 5-stage pipeline that catches, classifies, and contains bad outputs before they reach customers, and the decision rationale behind each stage.

L1: local Ollama. L2: subscription APIs. L3: pay-per-token frontier models. The routing layer decides which tier handles each call based on sensitivity, complexity, and cost. Here's the architecture that keeps 25 agents running without burning through a cloud bill.

Production agents aren't spun up, they're provisioned. Persona, scope, tools, memory, permissions, briefing, first task, review. Here's the lifecycle model that replaces 'deploy and pray' with something you can actually audit.

Every outbound LLM call is a data egress event. The DSP sits between the fleet and every provider, classifies the payload, and routes sensitive data to L1-local models only. Here's how it works and why default-deny is the only posture that survives production.

Agents that forget everything between turns can't coordinate, can't learn, and can't improve. Here's the 3-tier memory model (global, agent-specific, session) and how we kept it fast, auditable, and privacy-safe.

Guardrails are filters. Governance is an architecture. Here's the 5-circuit-breaker system and 3-tier action classification we designed first, then built BUCC around, not bolted on after.

Autonomous AI agents are the next force multiplier, and the next attack surface. This guide covers how to design, train, and deploy secure multi-agent systems for enterprise operations.

Open-source intelligence is one of the most powerful and underutilized tools in a security practitioner's toolkit. This guide covers methodology, tools, and operational security.

Red teaming AI systems demands a fundamentally different mindset from classical network or application testing. Here is how to build an effective AI red team program.

The EU AI Act introduces a tiered risk framework that will shape how AI systems are built, deployed, and audited across Europe. Here is what practitioners need to understand.

A practical primer on how to approach security assessments of large language models, from threat modeling to prompt injection and beyond.