Research
Security research on AI/LLM vulnerabilities, deterministic proof certificates, and the phoneme architecture.
LLM Output as a Taint Source for Deterministic Security Testing
LLM output is strictly more dangerous than HTTP input due to trust laundering, structural sophistication, transitive taint, and nondeterminism. We propose a mapper-level phoneme extension for DST that classifies 50+ LLM SDK API response patterns as tainted INGRESS, enabling detection of the full OWASP LLM05 category with zero changes to existing CWE verifiers.
14 AI/LLM Vulnerability Classes Not Cataloged by OWASP or MITRE
After deduplicating 53 unique vulnerability patterns across the OWASP LLM/Agentic/ML Top 10 lists and MITRE ATLAS, we identify 14 classes that fall through the cracks of existing frameworks. These include GPU hardware attacks (GPUBreach), reasoning chain hijacking (99% success), computational graph backdoors (ShadowLogic), and more.