Zenity Labs

Scaling AppSec With an SDL for Citizen Development

A blog version for the talk presented at BlueHat 2024

Links and materials for Scaling AppSec With an SDL for Citizen Development

Links, demos, tools and slides for BlueHat 2024

Sure, Let AI Browse the Internet—What Could Possibly Go Wrong?

Internet browsing for AI agents leads to 0click compromise but these mitigations can help

TTPs.ai for GenAI-Targeted Attacks

Guiding threat simulation and defense for Copilots and Agents

Over Permissions in Salesforce Einstein and Unexpected Consequences

Outsmarting Copilot: Creating Hyperlinks in Copilot 365

The Long and Winding Road of DLP Patches in Power Platform

Reviewing Microsoft's Fix for the 'All You Need Is Guest' DLP Bypass

A Summary of Zenity Research Published at BlackHat 2024

New Attack Vectors Discovered for Initial Access and Post-Compromise

Copilot Vulnerable to RCE: A New Attack Vector Into The Enterprise

We Need To Address Promptware Now

Phantom References in Microsoft Copilot

Links and materials for Living off Microsoft Copilot

Links, source code, tools and slides for BlackHat USA 2024

Indirect Prompt Injection: Advanced Manipulation Techniques