Research

Published research and ongoing work from Twenty Eight Labs.

4

Published Notes

3

Research Tracks

12

Methods Captured

LLM Security/7 min/Published

Foundations of LLM Security

2026-01

An overview of common attack surfaces in large language models, including prompt injection, data leakage, and misuse patterns.

LLM inputs can carry executable intent, not just passive data.
The strongest controls live around model context, tools, and data boundaries.
Testing should use malicious prompts, documents, and realistic workflows.
Open research →
AI Security/8 min/Published

Threat Modeling AI Systems

2026-01

A practical approach to identifying and mitigating threats in AI-enabled architectures.

AI threat models should start with model, data, tool, and human approval boundaries.
High-risk paths usually combine untrusted context with sensitive data or side effects.
Useful outputs are control decisions that teams can test and monitor.
Open research →
LLM Security/11 min/Published

New LLM Attack Vectors and Defensive Patterns

2026-06

A detailed look at indirect prompt injection, system prompt poisoning, excessive agency, RAG poisoning, tool-call abuse, and practical engineering controls.

Treat every retrieved document, web page, email, and tool response as untrusted input.
Do not rely on the model to enforce security boundaries against itself.
Constrain tools, validate outputs, and isolate secrets outside prompt context.
Open research →
Vulnerability Response/9 min/Published

Zero-Day CVE Response in the AI Era

2026-06

A practical response model for actively exploited CVEs, browser zero-days, AI-native vulnerabilities, and exposure-driven patch prioritization.

Exploitability and exposure should drive patch order more than raw CVSS alone.
AI systems need CVE response plans for dependencies, browsers, plugins, and model-adjacent services.
Detection should include asset inventory, compensating controls, and rapid rollback paths.
Open research →