500,000 Vulnerabilities, 14 That Matter: How Exploit Chain Analysis Cuts Through the Noise
When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint detection and response platforms, vulnerability scanners, cloud security posture tools, container image scanners. A large organization can easily accumulate hundreds of thousands of individual findings. The standard response is to sort by CVSS score, filter for criticals, and […]
The Attack Helix: Praetorian’s AI & Economic Architecture for Offensive Security
The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. The Tipping Point One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of sovereign data. In December of 2025, a single unidentified operator used Anthropic’s Claude and OpenAI’s ChatGPT to breach the Mexican government agencies and a financial institution. […]
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Indirect prompt injection lets attackers bypass LLM supervisor agents by hiding malicious instructions in profile fields and contextual data. Learn how this attack works and how to defend against it.
Meet Vespasian. It Sees What Static Analysis Can’t.
Praetorian is excited to announce the release of Vespasian, a probabilistic API endpoint discovery, enumeration, and analysis tool. Vespasian watches real HTTP traffic from a headless browser or your existing proxy captures and turns it into API specifications (OpenAPI, GraphQL SDL, WSDL). We built it because pentesters spend the first days of every API engagement […]
Your API Has Authorization Bugs. Hadrian Finds Them.
Authorization vulnerabilities are the most common critical finding in our API penetration tests. We find them on nearly every engagement: a user changes an ID in the URL and gets back another user’s data. Broken Object Level Authorization (BOLA) has been the #1 risk on the OWASP API Security Top 10 since the list was […]
Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem
The False Sense of Security SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained delegation. Domain controllers enforce SMB […]
Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: instead of clicking through dashboards and making API calls, users just ask the agent to do it for them. “How many open tickets do […]
Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet
The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API Management (APIM) exposes APIs to external consumers through a Developer Portal, the interface where developers self-register, obtain API keys, and make API calls. The default APIM configuration ships with Basic Authentication enabled as the identity provider and the […]
AI-Driven Offensive Security: The Current Landscape and What It Means for Defense
The capabilities of modern AI models have advanced far beyond what most people in the security industry have fully internalized. AI-generated phishing, script writing, and basic offensive automation are getting plenty of attention, but what happens when you apply agentic AI to the full lifecycle of building, testing, and refining custom malware and command-and-control (C2) […]
Reunifying the Cloud: Introducing Aurelian for Multi-Cloud Security Testing
You are one week into a cloud penetration test. The client handed you an AWS access key, pointed you at three Azure subscriptions, and mentioned a GCP project that “someone on the platform team set up last year.” Your objective: find everything that is exposed, misconfigured, or one IAM policy away from a full compromise. […]