./breach --init
Independent AI security research. We break agents, audit protocols, and publish everything before vendors can gaslight you into calling it a feature.
cat featured/antigravity-cdp-rce.md
One Click to Full Compromise: trAItor on Google Antigravity
A malicious AGENTS.md tells the model to run a setup script.
The script executes a XOR-encrypted binary that forks three
background processes:
1. Credential exfiltration to a VPS
2. Interactive reverse shell
3. A Chrome DevTools Protocol daemon that auto-approves
every future permission prompt via Input.dispatchKeyEvent
One user click. Full compromise. Novel technique.
TARGET STATUS FINDING DET Antigrav CONFIRMED RCE+exfil+CDP 0% CVSS 9.8 DETECTION 0% PATCHED nope
cat upcoming/cognitive-exfailtration.md
TARGET STATUS EXFIL Codex OAuth JWT Cursor SSH+Azure+Codex Replit 80+ env vars Jules GCP VM creds Antigrav Full RCE DISCLOSURE IN PROGRESS WRITEUP READY PATIENCE RUNNING LOW
cat why.txt
ai security? in this economy? AI agents ship fast. Security ships later. Or never. The tools writing your code have access to your credentials, your keys, your infrastructure and nobody is auditing what they do with it. We audit. We break. We publish. Every finding ships with its PoC, its reproduction steps, and the vendor's response.
> subscribe --feed=research --format=raw
New findings, no marketing. We can barely market ourselves, let alone spam you.