Turn offensive research into defensible proof
The Eresus research hub interprets AI security, MCP, API attack paths, CVE analysis, Kubernetes, and cloud risk through real exploitability. The goal is not more alerts; it is clarity on which risks deserve closure first.
AI, LLM, and MCP security
Research on prompt injection, MCP server risk, AI agent runtime boundaries, RAG data exposure, and model supply chains.
CVE and exploitability analysis
We interpret new vulnerabilities by real exploitability, impact, and remediation priority instead of CVSS score alone.
API, SaaS, and identity attack paths
Technical notes on BOLA/IDOR, tenant breakout, JWT/OAuth mistakes, backend business logic, and session architecture.
Cloud, Kubernetes, and DevSecOps
Practical research on IAM privilege escalation, Kubernetes RBAC, secret handling, GitOps, and CI/CD security.
Research should support service pages and incident decisions.
Every advisory, CVE note, or technical analysis should connect to a related service, remediation decision, and retest workflow. That turns content into trust and sales enablement, not just traffic.
Real Vulnerabilities. Not Theoretical.
Anonymized findings from real engagements demonstrating depth, rigor, and actual business impact.
RCE Chain
Remote code execution via deserialization flaw chained with file upload bypass. Full server compromise achieved.
SSRF to Internal Access
Server-side request forgery exploited to pivot into internal network and access sensitive configuration stores.
Authentication Bypass
JWT validation flaw allowed complete authentication bypass across multi-tenant environment.
Privilege Escalation
IDOR combined with broken access control allowed horizontal and vertical privilege escalation.
Insecure AI Integration
Prompt injection in customer-facing LLM agent led to internal data exfiltration and action execution.
AI Data Exposure
Training data leakage through model inference endpoints exposed PII and proprietary business data.
Research, Advisories & Intelligence
Eresus Labs publishes research, advisories, and AI security analysis to document emerging attack paths and defensive lessons.
Security Research
Hands-on research into application, cloud, and AI attack techniques.
Technical Advisories
Actionable advisories with root cause detail, impact explanation, and remediation guidance.
Responsible Disclosure
Coordinated disclosure for vulnerabilities identified through Eresus research.
AI Security Insights
Research on prompt injection, tool misuse, model exposure, and AI supply chain risk.
Attack Surface Trends
Periodic analysis of exposed services, common weaknesses, and attack-surface shifts.
Advisory Reports
Long-form technical reports for teams that need context beyond a short blog post.