AI Security Research Lab

Exploit-oriented research for agentic AI systems. Deterministic harnesses, reproducible findings, and open methodology for prompt injection, tool boundary attacks, and agent vulnerability disclosure.

Read Our Research View Vulnerabilities

Research Capabilities

Prompt Injection

Deterministic evaluation of prompt injection as an exploitable attack vector across RAG, browser, and tool-runner agent patterns.

Evaluation Harnesses

Reproducible testing frameworks that score agent security with binary exploit/no-exploit results — no LLM-as-judge.

Vulnerability Disclosure

Responsible disclosure program for AI agent platform vulnerabilities — CVE coordination and vendor notification.

Tool Boundary Analysis

Mapping the security boundary where LLM reasoning meets tool execution — exfiltration, policy override, and unsafe invocation paths.

Research

Exploit-oriented security research for agentic AI systems. Reproducible tools, deterministic findings, open methodology.

New Release

Prompt Injection Still Becomes a Security Bug at the Tool Boundary

We built a deterministic evaluation harness that models three common agent patterns — RAG assistants, browser agents, and internal tool runners — and measures prompt injection as a concrete exploitation problem: exfiltration, policy override, and unsafe tool invocation. 9 scenarios. 9 exploit successes. Binary scoring. No LLM-as-judge.

Prompt Injection AI Security Agentic Systems
Read Paper →
Pattern Exfiltration Policy Override Unsafe Tool
RAG exploit_succeeded exploit_succeeded exploit_succeeded
Browser exploit_succeeded exploit_succeeded exploit_succeeded
Tool Runner exploit_succeeded exploit_succeeded exploit_succeeded
View All Research →

Harness MVP

Prompt Injection Evaluator

Deterministic harness that scores prompt injection across 9 agent scenarios. Binary exploit/no-exploit results with reproducible methodology.

Published
View Results →

RAG Pattern Tests

3 attack vectors against retrieval-augmented generation agents — exfiltration, policy override, and unsafe tool invocation.

All Exploited
View Results →

Browser Agent Tests

3 attack vectors against browser-based agents — DOM injection, cross-origin exfiltration, and privilege escalation via tool chaining.

All Exploited
View Results →

Vulnerabilities

Responsible disclosure for AI agent platform vulnerabilities. Findings coordinated with vendors through CVE assignment where applicable.

Research Finding
High

Prompt Injection Exploitation via Tool Boundary

Deterministic evaluation across 9 agent scenarios (RAG, Browser, Tool Runner) showed 100% exploit success rate for prompt injection attacks targeting exfiltration, policy override, and unsafe tool invocation. No LLM-as-judge — binary scoring with reproducible methodology.

Prompt Injection Agentic Systems Tool Boundary Full Paper →
Disclosure Program

Report a Vulnerability

CyberLab coordinates responsible disclosure for AI agent platform vulnerabilities. If you've discovered a security issue in an agentic AI system, contact our disclosure program.

security@savagesoftware.dev →
View All Vulnerabilities →
9/9
Exploit Success Rate
3
Agent Patterns Tested
100%
Deterministic Reproducibility
0
LLM-as-Judge Dependencies

Open Research for Open Systems

Our findings are reproducible, our methodology is transparent, and our tools are designed to be understood — not trusted on authority.

Read Our Papers Report a Vulnerability