Security research, technical deep-dives, and insights on AI agent security from the Inkog team.
We scanned 561 open-source AI agent repositories, drove the false-positive rate to zero, and opened a disclosure pipeline. Here is what we learned — methodology, top patterns, and the raw numbers.
A walkthrough of the dev-flow security loop: build an agent in Claude Code, scan it with the Inkog MCP, explain and fix findings in the same conversation.
We analyzed CrewAI's delegation system and found unsigned agent-to-agent communication. Here's why multi-agent workflows need message authentication.
We scanned 500+ open-source AI agent repositories for security vulnerabilities. The results reveal a systemic gap between AI agent adoption and AI agent security.
OpenAI acquired Promptfoo. What changes for teams that need vendor-independent AI agent security, and how static analysis fills the gaps eval frameworks leave open.
Inkog Deep goes beyond pattern matching — it understands your agent's purpose, maps its architecture, and explains why findings matter.
The EU AI Act enforcement begins August 2, 2026. A practical checklist covering Article 14 (Human Oversight), Article 15 (Robustness), risk classification, and automated compliance monitoring with GitHub Actions.
Claude, Copilot, and Cursor are great at reviewing code — but they are not security scanners. Six gaps between AI code review and automated security scanning for AI agents.
NIST announced the AI Agent Standards Initiative on February 18, 2026 — the first US federal effort targeting AI agent governance. Key deadlines, pillars, and how to prepare.
A practical guide to detecting and preventing prompt injection attacks in LLM-powered applications, with code examples and YAML rules.
Find the vulnerabilities we write about — in your own code.