Vulnerabilities

Responsible disclosure for AI agent platform vulnerabilities. Findings coordinated with vendors through CVE assignment where applicable.

Research Finding High

Prompt Injection Exploitation via Tool Boundary

Deterministic evaluation across 9 agent scenarios (RAG, Browser, Tool Runner) showed 100% exploit success rate for prompt injection attacks targeting exfiltration, policy override, and unsafe tool invocation. No LLM-as-judge — binary scoring with reproducible methodology.

Prompt Injection Agentic Systems Tool Boundary

Full Paper →

Report a Vulnerability

CyberLab coordinates responsible disclosure for AI agent platform vulnerabilities. If you've discovered a security issue in an agentic AI system, we can help coordinate notification to affected vendors and CVE assignment.

Contact Disclosure Program