

Going passwordless isn't about eliminating every password. It's about reducing credential exposure by redesigning identity across the organization — focusing on real users and devices, sequencing deployments correctly, and treating enrollment and recovery as first-class authentication flows.

Deepfakes and AI-driven impersonation are eroding the assumptions traditional identity verification relies on. This article examines how organizations must rethink identity proofing, authentication, and trust when voice, video, documents, and digital presence can no longer be assumed real.

AI agents promise real productivity gains, but introduce new risks around identity, access, and control. This article examines why agentic systems must be treated as identities, and what guardrails are required as agent adoption accelerates faster than security can keep up.

An exploration of how factual knowledge in large language models can be modified using Rank-One Model Editing (ROME). The article demonstrates how pairwise associations can be altered to change specific facts in generated responses, highlighting both corrective and adversarial use cases.

A deep technical walkthrough of how modern phishing attacks actually succeed in the real world. This article breaks down phishing as a system-level failure rather than a user mistake, showing how attackers exploit legitimate authentication flows to capture and replay credentials, session cookies, and access tokens.

Unsanctioned AI usage and widespread LLM adoption are creating new data leakage paths for enterprises. This article explains how everyday AI workflows turn prompts into data egress points, which types of data are most at risk, and how organizations can restore visibility and control.

Exploring how attackers can reverse-engineer biometric templates to reconstruct original data. The article examines template inversion attacks and discusses the privacy and security risks associated with improperly protected biometric systems.

Understanding how Golden SAML attacks forge authentication assertions to bypass identity providers. The article explains how compromised signing certificates let attackers mint legitimate authentication tokens that enable access across federated resources.

As AI agents gain autonomy through tool and API integrations, the toolchain itself becomes an attack surface. This research analyzes how “poisoned” tools can influence agent decision-making and execution, resulting in unintended actions, lateral movement, or security breaches.

An interactive, step-by-step exploration of how passkey-based authentication works in practice. This lab visually breaks down passkey registration and authentication flows, showing on-device key generation, cryptographic challenge signing, and server-side verification as they occur.

Build a lightweight identity provider from scratch to explore how modern identity systems work under the hood. This lab covers the core building blocks behind identity platforms used by large global enterprises, including directories, authentication flows, federation engines, and threat protection mechanisms.

A browser extension–based password management solution built from scratch, featuring end-to-end encryption, pseudo-random secret generation, and multi-factor authentication. This lab explores the architecture and security principles behind modern password vaults and how these systems operate in practice.

Build a facial verification system from scratch to explore how identity verification systems work under the hood. This interactive lab examines biometric matching, liveness detection, and deepfake defenses, similar to those used in enterprise-grade identity verification platforms.

Build guardrails for AI agents to understand how control and governance work in autonomous systems. This lab examines how agent instructions, tool access, and permissions translate into real capabilities, surfacing potential risk paths and unintended behavior before execution.