Reconstructing a timeline for Amazon Q prompt infection

How a rogue GitHub commit, automation missteps, and a deceptive AI assistant led to one of the most bizarre prompt injection cases in recent memory.

A Copilot Studio Story 2: When AIjacking Leads to Full Data Exfiltration

I Just Wanted to Take a Note — and Your Token Came Along

EchoLeak: A Reminder That AI Agent Risks Are Here to Stay

A Copilot Studio Story: Discovery Phase in AI Agents

LLM vs. LLM: It's a MAD world.

AI Agents & 0-Click Exploits: The New Battle Ground for AI Security

Autonomous Copilots: Is your Copilot flying solo?

Links and materials for Hacking Your Enterprise Copilot: A Direct Guide to Indirect Prompt Injections

Zenity Research Published at RSAC 2025

Copilots and agents are a new access vector; How to build an AppSec program that scales to the level of citizen development

Links and materials for Scaling AppSec With an SDLC for Citizen Development

Links, demos, tools and slides for RSAC 2025

Links and materials for Your Copilot Is My Insider

Links, demos, tools and slides for RSAC 2025