Latest / AI Agent Security
AI Agent Security Assessment: What to Review Before Production
A pre-launch review list for AI agents that touch production APIs, customer data, tools, memory, or RAG context.
Read latestInsights
Research, in the open.
Analysis of AI-security threats, autonomous-agent risk, and the techniques attackers actually use, published through KevinBytes.
Field guide
OWASP LLM Top 10, mapped to real AI systems.
A visual guide to the 2025 OWASP categories for AI agents, RAG, MCP, and tool-connected applications.
Open the OWASP guideArchive
Published research and technical guides.
Showing 11 of 11 posts.
AI Agent Security10 min read
AI Agent Security Assessment: What to Review Before Production
A pre-launch review list for AI agents that touch production APIs, customer data, tools, memory, or RAG context.
Last reviewed May 4, 2026Read guide
MCP Security11 min read
MCP Security Review Checklist: How to Assess Tool-Connected LLM Systems
A security checklist for MCP servers, clients, OAuth flows, tokens, tools, permissions, trust boundaries, logging, and blast radius.
Last reviewed May 4, 2026Read guide
AI Agent Security10 min read
What Is AI Agent Blast Radius?
AI agent blast radius is the maximum plausible damage an agent can cause if manipulated, misconfigured, over-permissioned, or exposed to hostile context.
Last reviewed May 4, 2026Read guide
RAG Security9 min read
RAG Security Assessment: Tenant Isolation, Data Leakage, and Prompt Injection Risks
How to review RAG systems for authorization failures, tenant-isolation gaps, prompt injection, vector-store leakage, document poisoning, and audit logging.
Last reviewed May 4, 2026Read guide
Security Diligence8 min read
AI Red Team vs. LLM Pentest vs. AI Security Assessment: What's the Difference?
How founders, CTOs, CISOs, and product-security teams can choose between an AI red team, LLM pentest, AI security assessment, or production readiness review.
Last reviewed May 4, 2026Read guide
Security Diligence9 min read
How to Build AI Agents That Pass Enterprise Security Review
How engineering and product teams can prepare AI agents for enterprise security review, production launch, customer diligence, and governance scrutiny.
Last reviewed May 4, 2026Read guide
MCP Security9 min read
MCP Threat Model: Clients, Servers, Tools, Tokens, and Trust Boundaries
An MCP threat model for teams connecting LLMs and AI agents to tools, OAuth tokens, APIs, local servers, SaaS systems, and production workflows.
Last reviewed May 4, 2026Read guide
Prompt Injection8 min read
Indirect Prompt Injection Through Documents, Emails, Webpages, and Tool Output
How indirect prompt injection reaches AI agents through RAG systems, copilots, MCP tools, webpages, emails, PDFs, memory, and tool outputs.
Last reviewed May 4, 2026Read guide
AI Agent Security9 min read
AI Agent Tool Permissions: Read, Write, Delete, Send, Execute, Deploy
A framework for classifying AI agent tool permissions by business impact, authorization boundary, required controls, and production readiness.
Last reviewed May 4, 2026Read guide
RAG Security8 min read
RAG Authorization Anti-Patterns: When Vector Search Bypasses Access Control
Common RAG authorization failures, tenant-isolation gaps, vector-store access-control mistakes, source attribution issues, and safer retrieval design.
Last reviewed May 4, 2026Read guide
Post-Incident Engineering6 min read
Post-Incident Engineering: Technical Assessment for Legal and Executive Review
How disciplined engineering assessment helps legal, insurance, and executive teams understand root cause, technical exposure, and the next defensible decision...
Last reviewed June 20, 2026Read guide