Agentic Thoughts

40 Threat Scenarios for MCP, A2A and AG-UI

Last week I published the Open Agent Threat Format (OATF) specification, a YAML-based format for describing and reproducing attacks against AI agents. Today I'm releasing the companion to that specifi

Mar 20, 20265 min read

Depth vs breadth: the two kinds of AI agent security testing

Gartner predicts up to 40% of enterprise apps will feature AI agents by end of 2026, up from less than 5% in 2025. That could sharply expand the agent attack surface in a single year. And there is no

Mar 12, 20267 min read

A Declarative Schema for MCP Attacks: Why We Need One

Mapping the OWASP MCP Top 10 to Adversarial YAML Definitions

Feb 13, 20269 min read

Command Palette

Latest articles