LogoZenity Labs
AI Agent Security Summit (On Demand)
Join Us
Authors
Subscribe
LogoZenity Labs
Gallery

Zenity Labs

Research, tools, and talks for breaking and securing AI agents everywhere

Written by

Avishai Efrat, +12

Connect

What If There Was No Attacker, But Your Database Still Got Deleted?

Jul 6, 2026

•

9 min read

What If There Was No Attacker, But Your Database Still Got Deleted?

Monitoring agentic emergent misalignment in the wild - a word of caution and a methodology proposal

Max Fomin
Max Fomin
Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root

Jun 30, 2026

•

5 min read

Threat Actors Are Trying to use LiteLLM's Guardrail Tester to Run Code as Root

A closer look at custom-code guardrail sandbox-escape (CVE–2026-40217) activity in the wild

Avishai Efrat
Ayush RoyChowdhury
Avishai Efrat, +1
Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel

Jun 30, 2026

•

6 min read

Threat Actors Are Trying to Turn LiteLLM's Connection-Test Into a Key-Exfiltration Channel

A closer look at api_base SSRF (CVE-2024-6587) activity in the wild, and its nested variant

Avishai Efrat
Ayush RoyChowdhury
Avishai Efrat, +1
Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends

Jun 30, 2026

•

5 min read

Scanning for AI: Live Campaigns Mapping the Internet's Exposed LLM Backends

Inside mass discovery and model-probing reconnaissance campaigns that are mapping LLM backend servers in the wild

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1
Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations

Jun 30, 2026

•

7 min read

Bring Your Own Agent: Hijacking Exposed AI Backends to Power Offensive Operations

Threat actors attempting to hijack Ollama & LiteLLM endpoints to run pentesting agents, tools and web reverse-engineering

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1
What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild

Jun 30, 2026

•

5 min read

What You Don’t Know Can Hurt You: Why AI Security Research Needs to Move Out of the Lab and Into the Wild

What we can learn from observing real attacks, made by real adversaries

Ayush RoyChowdhury
Avishai Efrat
Ayush RoyChowdhury, +1
Your Model Reads Through Typos. Your Probe Doesn't.

Jun 4, 2026

•

10 min read

Your Model Reads Through Typos. Your Probe Doesn't.

The Latent Undertow beneath fluent LLM behavior — and how to fish your activation probe out of it.

Elad David
Elad David
Catching Prompt Guard Off Guard: Exploiting Overfit in Training Algorithms

Mar 12, 2026

•

5 min read

Catching Prompt Guard Off Guard: Exploiting Overfit in Training Algorithms

How understanding the training algorithms used in machine learning models may allow attacker to bypass them entirely

Tomer Wetzler
Tomer Wetzler

Security research

PerplexedBrowser: How Attackers Can Hijack Comet to Takeover your 1Password Vault

Mar 3, 2026

•

26 min read

PerplexedBrowser: How Attackers Can Hijack Comet to Takeover your 1Password Vault

One Calendar Invite. Your Entire Vault. Zero Clicks.

Stav Cohen
Stav Cohen
...
Zenity Labs

Zenity Labs

Latest research, tools and talks about breaking and building AI systems, agents and assistants


Home

Meet Us

Join Us

© 2026 Zenity Labs.
beehiivPowered by beehiiv