MCP Server Security: The Hidden AI Attack Surface
TL;DR – MCP servers – the integration layer connecting AI assistants to external tools and data – are a significant and underexplored attack surface. Our research demonstrates that both locally hosted and third-party MCP servers can be exploited to execute arbitrary code, exfiltrate sensitive data, and manipulate user behavior, often with zero indication to the […]
Julius Update: From 17 to 33 Probes (and Now Detecting OpenClaw)
TL;DR: Julius v1.2.0 nearly doubles probe coverage from 17 to 33, adding detection for self-hosted inference servers, AI gateways, and RAG/orchestration platforms like Dify, Flowise, and KoboldCpp. The headline addition is OpenClaw, a fast-growing AI agent gateway where exposed instances leak API keys, grant filesystem access, and allow full user impersonation. Update Julius and run […]
Et Tu, Default Creds? Introducing Brutus for Modern Credential Testing
It’s day three of staring at a spreadsheet of 700,000 live hosts. Your port scans are done. Fingerprintx has identified thousands of SSH services, databases, admin panels, and file shares across a sprawling enterprise network. Now comes the part that every penetration tester hates: auditing and testing credentials at scale. You need to check for […]
Introducing Augustus: Open Source LLM Prompt Injection Tool
From LLM Fingerprinting to LLM Prompt Injection Last month we released Julius, a tool that answers the question: “what LLM service is running on this endpoint?” Julius identifies the infrastructure. But identification is only the first step. The natural follow-up: “now that I know what’s running, how do I test whether it’s secure?” That’s what […]
Deterministic AI Orchestration: A Platform Architecture for Autonomous Development
Executive Summary The primary bottleneck in autonomous software development is not model intelligence, but context management and architectural determinism. Current “Agentic” approaches fail at scale because they rely on probabilistic guidance (prompts) for deterministic engineering tasks (builds, security, state management). Furthermore, the linear cost of token consumption versus the non-linear degradation of model attention creates a “Context Trap” […]
Introducing Julius: Open Source LLM Service Fingerprinting
The Growing Shadow AI Problem Over 14,000 Ollama server instances are publicly accessible on the internet right now. A recent Cisco analysis found that 20% of these actively host models susceptible to unauthorized access. Separately, BankInfoSecurity reported discovering more than 10,000 Ollama servers with no authentication layer—the result of hurried AI deployments by developers under […]