Research & Insights

Inkog Labs

Security research, technical deep-dives, and insights on AI agent security from the Inkog team.

Scan your agent freeAnonymous · 60 seconds · No signup

SecurityMay 16, 2026

Introducing Agent Capability Surface: See Exactly What Your AI Agents Can Do

A capability map for every agent in your codebase. What tools they invoke, what gaps exist between their declared scope and their wired controls, and a graduated governance score that maps to the EU AI Act, NIST AI RMF, ISO 42001, and OWASP LLM Top 10. Validated on Microsoft AutoGen and 13 other production agent repositories.

BenFounding Engineer

6 min read

Read article

ComplianceMay 16, 2026

EU Machinery Regulation 2023/1230: AI Compliance Before January 2027

Regulation (EU) 2023/1230 applies January 20, 2027 and pulls AI safety components into a third-party conformity-assessment regime. What it demands in code, who falls under it, and how the rules overlap with the EU AI Act.

Ben

ComplianceMay 12, 2026

EU AI Act Article 14: Human Oversight in Agent Code

What EU AI Act Article 14 actually demands in agent code: a deep-dive on the four oversight requirements, with passing and failing patterns side by side.

Ben

ComplianceMay 12, 2026

EU AI Act Article 15: Robustness for AI Agents

EU AI Act Article 15 in agent code: input validation, output validation, error handling, and resource limits — failing and passing patterns teams need.

Ben

SecurityMay 9, 2026

The AGENTS.md Supply Chain Attack: How a Malicious MCP Server Hijacks a Claude Code Session

A reproducible proof-of-concept: a tampered AGENTS.md and a malicious MCP server combine into a zero-click session hijack that exfiltrates .env secrets through an AI coding agent. Why classical SAST misses it, and how declares-vs-does verification stops it.

Ben

SecurityApr 21, 2026

The Vercel Breach: Anatomy of an AI Tool Supply Chain Attack

A compromised AI tool called Context.ai gave attackers access to Vercel customer credentials through a single OAuth grant. Full attack chain, timeline, and response checklists for developers, security teams, and CISOs.

Ben

ResearchApr 10, 2026

What 561 Repositories Taught Us About AI Agent Security

We scanned 561 open-source AI agent repositories, drove the false-positive rate to zero, and opened a disclosure pipeline. Here is what we learned — methodology, top patterns, and the raw numbers.

Inkog Team

Best PracticesApr 10, 2026

Building Secure AI Agents with Claude Code and the Inkog MCP

A walkthrough of the dev-flow security loop: build an agent in Claude Code, scan it with the Inkog MCP, explain and fix findings in the same conversation.

Inkog Team

VulnerabilitiesApr 8, 2026

Why Multi-Agent Communication in CrewAI Needs Authentication

We analyzed CrewAI's delegation system and found unsigned agent-to-agent communication. Here's why multi-agent workflows need message authentication.

Inkog Team

ResearchApr 3, 2026

The AI Agent Security Gap: Findings from Scanning 500+ Open-Source AI Agent Projects

We scanned 500+ open-source AI agent repositories for security vulnerabilities. The results reveal a systemic gap between AI agent adoption and AI agent security.

Inkog Team

SecurityMar 10, 2026

Promptfoo Alternative: What the OpenAI Acquisition Means for AI Agent Security

OpenAI acquired Promptfoo. What changes for teams that need vendor-independent AI agent security, and how static analysis fills the gaps eval frameworks leave open.

Inkog Team

SecurityMar 8, 2026

Introducing Inkog Deep: Semantic Security Analysis for AI Agents

Inkog Deep goes beyond pattern matching — it understands your agent's purpose, maps its architecture, and explains why findings matter.

Inkog Team

ComplianceFeb 28, 2026

EU AI Act Compliance Checklist for AI Agent Developers

The EU AI Act enforcement begins August 2, 2026. A practical checklist covering Article 14 (Human Oversight), Article 15 (Robustness), risk classification, and automated compliance monitoring with GitHub Actions.

Ben

SecurityFeb 28, 2026

Why AI Code Review Is Not Security Scanning

Claude, Copilot, and Cursor are great at reviewing code — but they are not security scanners. Six gaps between AI code review and automated security scanning for AI agents.

Inkog Team

ComplianceFeb 22, 2026

NIST Launches AI Agent Standards Initiative: What Security Teams Need to Know

NIST announced the AI Agent Standards Initiative on February 18, 2026 — the first US federal effort targeting AI agent governance. Key deadlines, pillars, and how to prepare.

Ben

SecurityDec 7, 2024

Prompt Injection Defense Patterns for Production AI Agents

A practical guide to detecting and preventing prompt injection attacks in LLM-powered applications, with code examples and YAML rules.

Inkog Team

Ready to scan your agent?

Find the vulnerabilities we write about — in your own code.

30 min · Live Deep Scan on your repo · Walkthrough of every finding