🦞🌯 Lobster Roll

Stories by manuelnd

We audited both MCP SDKs – three classes of boundary-crossing vulnerabilities
MCP (Model Context Protocol) has 77k+ stars and is becoming the standard way AI agents connect to tools. We audited both official SDKs (TypeScript and Python) at the source code level and found three classes of boundary-crossing vulnerabilities.
All three confirmed with live PoC exploits using the...
How to Red Team Your AI Agent in 48 Hours – A Practical Methodology
We published the methodology we use for AI red team assessments. 48 hours, 4 phases, 6 attack priority areas.
This isn't theoretical — it's the framework we run against production AI agents with tool access. The core insight: AI red teaming requires different methodology than traditional...
The OWASP LLM Top: A Practical Attack Guide (with 122 real attack techniques)
Last week I shared our open-source taxonomy of 122 AI attack vectors. A lot of the discussion was about how the OWASP LLM Top 10 gives you categories but not specifics.
So we wrote the guide that bridges that gap. For each OWASP category:
- What real attacks look like (specific techniques, not j...
Show HN: Open-source taxonomy of 122 AI/LLM attack vectors
I've been doing AI red teaming for the past year and kept running into the same problem: there's no comprehensive catalog of how AI systems actually get broken.
So I built one. 122 distinct attack techniques across 11 categories, mapped to OWASP LLM Top 10 and MITRE ATLAS.
Categories: ...