Eresus research, advisory, and security news
This page collects our writing, advisories, and current-event analysis on AI security, the MCP ecosystem, application security, and real attack chaining.
Latest Posts
The Legal Mandate of Penetration Testing in GDPR and Data Privacy Compliance
Is penetration testing legally mandatory under GDPR or similar privacy laws? Discover what regulators actually demand to avoid catastrophic compliance...
What is Agentic Cybersecurity? Are AI Agents Replacing Pentesters?
Discover the differences between Agentic Security architecture and manual penetration testing, and explore the future of AI in offensive cybersecurity.
Breaking MCP Authentication: How a Single Line of Code Exposes an Entire Legal Database
Eresus Security discovers a critical authentication bypass in yargi-mcp, a popular open-source MCP server for Turkish legal databases. A single...
Critical Authentication Bypass via JWT Signature Verification Disabled in yargi-mcp
Critical authentication bypass vulnerability (CVE pending) in yargi-mcp OAuth endpoint allowing full system access due to disabled JWT signature...
What is a Vector Database? Its Role in AI and LLM Security
How do Vector Databases, the heart of modern AI (LLM) projects, actually work? Discover everything you need to know to prevent data leakage and...
Structuring and Securing AI Microservices in Python (FastAPI)
Why must you transition from monolithic setups to a microservices architecture when exposing AI models to the public? Designing attack-resistant Python...
Why Should We Use Rust for AI-Powered Backend Systems?
When AI assistants are writing half your code, how do you ensure system security? Discover the superiority of the Rust language and its Memory Safety...
Cloud Security: AWS IAM Flaws and One-Click Privilege Escalation
Why do 80% of organizations using Cloud Computing (AWS, Azure) suffer massive breaches strictly through misconfigured Identity and Access Management...
Authentication in AI Applications: LLM Sessions and Data Privacy
Vulnerable JWT management and Context Hijacking attacks in Chatbots, RAG architectures, and AI assistants. Learn how to architect robust Authentication...