Security · May 31, 2026
Memory poisoning turns prompt injection into a stateful attack. MINJA achieves 95% injection success, AgentPoison exceeds 80% at under 0.1% poison rate, and Gemini's memory feature was compromised through delayed tool invocation. Here's what defense in depth actually requires.
Keep reading
A single operator just ran 674 adversarial attacks against Llama Scout in three hours with an 85% success rate — using an AI red teaming agent. Traditional pentesting and manual red teams can't match this velocity. Here's what the shift to agent-orchestrated adversarial testing means for enterprise security programs.
The Model Context Protocol is now critical infrastructure — confirmed by the NSA's formal Cybersecurity Information Sheet. From transport-layer interception to context poisoning to supply chain threats, every MCP deployment faces a five-layer attack surface that traditional API security doesn't cover.
Static roles can't govern agents that shift from read-only research to production deployment in ten minutes. The confused deputy problem is the default architecture for most agent deployments. Here's why RBAC+ABAC with tool-scoped permissions is the minimum viable authorization model for 2026.