- 2026-07-03
Pentesting LLM Applications: A Field Methodology
A repeatable, architecture-led workflow for testing LLM apps and agents — scoping a non-deterministic target, mapping the five attack surfaces, running OWASP LLM Top-10 …
- 2026-07-02
Prompt Injection & the Lethal Trifecta
Why prompt injection has no clean fix, how indirect injection turns retrieved content into code, and how the 2025 zero-click incidents (EchoLeak, ShadowLeak, ForcedLeak) …
- 2026-07-01
The AI Testing Toolkit & Frameworks
The frameworks that give an AI pentest its vocabulary, the scanners that give it coverage, and a safe practice-lab recipe for rehearsing every attack offline.
- 2026-06-28
Hunting IDOR / BOLA in the Wild
A repeatable workflow for finding broken object-level authorization in modern APIs — from mapping object references to proving impact.
- 2026-06-12
A Recon Workflow That Actually Scales
Turning a wildcard scope into a prioritized attack surface without melting your VPS — passive first, resolve, probe, then triage.