Our Blog

Research, analysis, and practical guidance on cybersecurity and AI security from our London team.

AI & Agent Security, 3 July 2026

Why 'Cognitive Debt' From AI Coding Agents Is a Security Problem

A widely-shared talk from Notion design engineer Geoffrey Litt argues that as agents write more code, understanding it becomes the real bottleneck — and for security teams, that understanding gap is where review controls quietly fail.

Tags: ai-security, cognitive-debt, agentic-coding
4 min read
AI Agent Security, 2 July 2026

Why SQL-Executing AI Agents Need Systematic Prompt Testing, Not Guesswork

A DSPy-driven experiment on Datasette Agent's SQL system prompt shows how ad hoc prompt tuning produces fragile, unpredictable guardrails for agents that touch live data.

Tags: ai-agents, llm-security, prompt-engineering
4 min read
AI Security, 2 July 2026

Google Workspace's Layered Defense Against Indirect Prompt Injection

Google's GenAI Security Team has published how it defends Gemini inside Workspace from indirect prompt injection — treating it as a standing threat class rather than a bug to patch once.

Tags: prompt-injection, ai-security, google-workspace
4 min read
Web3 / Smart Contract Security, 1 July 2026

Aztec Connect: $2.1M Stolen From a Bridge With No One Left to Fix It

A proof-verification flaw let an attacker drain a DeFi privacy bridge that Aztec Labs deprecated three years ago and can no longer patch, pause, or upgrade — a case study in what "immutable" really costs.

Tags: defi-security, smart-contracts, web3
4 min read
AI & Surveillance Security, 1 July 2026

Natural-Language Video Search Is Rewriting the Surveillance Threat Model

New AI tools let analysts ask CCTV networks plain-language questions about behaviour instead of running a fixed menu of preset searches — and the Israel-Iran-Russia episode shows how fast that capability is spreading to adversaries as well as allies.

Tags: ai-surveillance, computer-vision, mass-surveillance
4 min read
AI Agent Security, 30 June 2026

Agents That Film Their Own Work: The Security Read on shot-scraper video

Simon Willison's shot-scraper 1.10 lets coding agents record video "proof" of browser-driven work using Playwright's new screencast API — a convenience that quietly expands the credential and trust surface security teams need to govern.

Tags: ai-agents, agent-security, browser-automation
4 min read
Cryptography & PKI, 30 June 2026

Short-Sleeve RSA: How Zero-Block Prime Structure Exposed 603 Private Keys in the Wild

Trail of Bits and the badkeys project have uncovered a new class of factorable RSA key — one defined by evenly spaced zero-bit blocks in its prime factors — and found hundreds already deployed in real TLS, SSH, and PGP infrastructure.

Tags: rsa, cryptography, pki
4 min read
AI Security, 29 June 2026

Ornith-1.0: What Self-Scaffolding Agentic Code Models Mean for Security Teams

DeepReinforce's Ornith-1.0 is the first open-weights model family trained to write its own agentic scaffolding. That capability shift has direct implications for prompt-injection blast radius and autonomous-agent attack surfaces.

Tags: agentic-ai, llm-security, code-generation
4 min read
AI & Autonomous Systems Security, 29 June 2026

Sacramento Police Drone Disarms Suspect — and Opens a New Cyber-Physical Attack Surface

On 22 June 2026, a Sacramento County Sheriff's drone stripped a knife from a suspect's hand using a high-powered magnet. Security practitioners should read this less as a policing milestone and more as the opening of a new attack surface.

Tags: drone security, autonomous systems, law enforcement technology
4 min read
Web3 Security, 29 June 2026

Taiko Bridge Drained $1.7M After SGX Signing Key Exposed on GitHub

An attacker leveraged a publicly committed SGX enclave key to forge withdrawal proofs on Taiko's Ethereum L2 bridge, draining $1.7 million before block production was halted on 22 June 2026.

Tags: bridge-exploit, ethereum-l2, sgx
4 min read
Web3 & DeFi Security, 29 June 2026

Secret Network–Axelar Bridge Drained $4.67M via Infinite-Mint Bug Hidden for Seven Days

An attacker exploited a removed source-validation check to mint unbacked wrapped tokens on Secret Network, redeeming them through Axelar's legitimate channel — and nobody noticed for a week.

Tags: secret-network, axelar, bridge-exploit
4 min read
DeFi Security, 29 June 2026

Counter-MEV Honeypot Drains jaredfromsubway.eth of $7.5 Million

Ethereum's most-active sandwich-attack bot was beaten at its own game — tricked by 66 fake token contracts into handing over real WETH, USDC, and USDT in a single sweep transaction.

Tags: mev, defi, ethereum
4 min read
AI Security, 28 June 2026

Prompt Injection in the Wild: npm Malware Weaponises AI Content Filters to Evade Analysis

A malicious npm package published in June 2026 combines prompt injection, bio-weapons safety-trigger text, and context-flooding to blind AI-assisted dependency scanners — revealing a new evasion frontier in which the security toolchain itself becomes the attack surface.

Tags: prompt injection, supply chain, npm
5 min read
DevSecOps, 28 June 2026

AI Writes the CI/CD Pipeline: Auditing AI-Generated GitHub Actions Workflows

Simon Willison's browser-compat-db used two AI models to generate a complete build pipeline — a sign of where development is heading and a prompt to ask whether security review has kept pace.

Tags: github-actions, devsecops, supply-chain-security
4 min read
AI Security, 28 June 2026

Prompt Injection as Role Confusion: The Structural Flaw at LLM Core

New research shows LLMs distinguish system, user, and assistant roles by stylistic pattern rather than any structural boundary — making prompt injection a property of the architecture, not a fixable edge case.

Tags: prompt injection, llm security, ai red-teaming
5 min read