Cloud & AI Security Research

Hands-on exploit research at the intersection of cloud infrastructure & AI systems

$ cat mission.txt

Hands-on exploit research in controlled lab environments. Focused on LLM security, AI service misconfigurations, cloud infrastructure attack surfaces, and AI supply chain threats. All findings published with reproducible evidence.

$ ls focus/

llm-security/prompt-injection/ai-supply-chain/sagemaker/bedrock/aws/azure-openai/rag-poisoning/cloud-misconfig/ai-red-team/

$_▊

# latest_research

view all →

2026-02-27

CVE Hunter: AI/ML Framework Security Audit — The $4.88M Problem You're Ignoring

A comprehensive audit of CVE vulnerabilities across AI/ML frameworks — including PyTorch, TensorFlow, LangFlow, SGLang, and Ollama — with real cost analysis, automated scanning infrastructure via Terraform, and a complete detection lab you can deploy today.

ai-securityml-securitycvevulnerability-managementtensorflowpytorchsagemakerowaspnistlab

2026-02-26

Why AWS WAF Costs $500+/Month (And How to Do It for $50)

A deep-dive into the real cost of running AWS WAF at scale — including the hidden fees AWS doesn't advertise — and a complete alternative architecture using open-source WAFs that cuts your bill by 90%.

awswafcost-optimizationopen-sourcecorazacrowdseccloud-security

2026-02-25

AI API Key Leakage — Lambda, S3, and Jupyter Notebook Exposure

Live lab demonstrating how AI service API keys (OpenAI, Bedrock, HuggingFace) end up exposed in Lambda environment variables, S3 .env files, and Jupyter notebooks — plus remediation via Secrets Manager.

aisecretslambdabedrockcloud-securitylab