Zenity Research Published at RSAC 2025

Copilots and agents are a new access vector; How to build an AppSec program that scales to the level of citizen development

Links and materials for Scaling AppSec With an SDLC for Citizen Development

Links, demos, tools and slides for RSAC 2025

Links and materials for Your Copilot Is My Insider

Links, demos, tools and slides for RSAC 2025

Sure, Let AI Browse the Internet—What Could Possibly Go Wrong?

Internet browsing for AI agents leads to 0click compromise but these mitigations can help

TTPs.ai for GenAI-Targeted Attacks

Guiding threat simulation and defense for Copilots and Agents

Over Permissions in Salesforce Einstein and Unexpected Consequences

Outsmarting Copilot: Creating Hyperlinks in Copilot 365

The Long and Winding Road of DLP Patches in Power Platform

Reviewing Microsoft's Fix for the 'All You Need Is Guest' DLP Bypass

A Summary of Zenity Research Published at BlackHat 2024

New Attack Vectors Discovered for Initial Access and Post-Compromise

Copilot Vulnerable to RCE: A New Attack Vector Into The Enterprise

We Need To Address Promptware Now

Phantom References in Microsoft Copilot

Links and materials for Living off Microsoft Copilot

Links, source code, tools and slides for BlackHat USA 2024