Security Unlocked

Vulnerability Disclosure

AI Security

Agentic Trust Debt: How 'Agent-Controlled Input' Became the New Buffer Overflow

Five AI agent frameworks disclosed the same vulnerability class in a single week, and the MCP SDK STDIO injection extended the pattern across four language ecosystems. The cluster reads like the buffer overflow era: a field-level conceptual gap in how agentic systems handle trust, not a string of individual implementation bugs.

Threat Intelligence

The Mental Model Is the Vulnerability

Five AI infrastructure disclosures in one day share the same root cause: the gap between what users believe their security settings do and what the framework actually executes.