Research & Writing
Ideas from the safety frontier.
Technical research, threat analysis, and field notes from our work building foundational AI safety tooling.
analysis
46 Minutes: How a Poisoned Python Package Reached 47,000 AI Environments
A threat group called TeamPCP injected credential-stealing malware into LiteLLM versions 1.82.7 and 1.82.8 on PyPI. Nearly 47,000 downloads happened in 46 minutes. Here is what the attack did, how it started with a compromised security scanner, and what enterprises running AI agents need to check now.
research
When the Assembly Line Becomes the Attack Surface: Supply Chain Threats in the Age of AI Agents
Software supply chain attacks can steal your credentials in minutes. Now AI agents are running the same attacks autonomously. What the hackerbot-claw campaign against Microsoft, DataDog, and Aqua Security reveals about the enterprise AI security gap.