The AI Evasion Lab
Sophos X-Ops uncovered a threat actor using Claude Opus 4.5 and Cursor IDE to build an automated, modular EDR evasion framework — 80 modules, 70+ techniques, tested against Sophos, CrowdStrike, and Defender.
Security Research & Analysis
Offensive thinking.
Offensive thinking.
Defensive expertise.
In-depth red team research, blue team strategy — and privacy-first security tools that run entirely in your browser. No accounts. No telemetry. No data leaves your machine.
Featured
Latest research
Archive
Recent posts
Why Finland and Japan Consistently Top Every Cybersecurity Metric
Finland and Japan lead global cybersecurity rankings across multiple independent measures. The explanation is not primarily technical — it is socioeconomic.
No One in the Loop: The Autonomous Weapons Race
China's so-called 'kill them all' drone algorithm made headlines. But the real story is bigger: major militaries are racing to reduce human involvement in lethal decisions, and the window to regulate them is narrowing.
OAuth Consent Phishing in 2026: MFA Stops Password Theft, Not Bad App Grants
Attackers do not always need your password. A single OAuth consent grant can give a malicious or compromised app durable access to mail, files, calendars, and SaaS data.
AI Bug Hunting in Browsers: Discovery Is Becoming the Easy Part
Mozilla used Claude Mythos Preview to identify and fix 271 Firefox security bugs, while Chrome shipped a separate 151-fix security update. The lesson is not that AI replaces security teams. It is that patching, triage, and verification are becoming the bottleneck.
Poisoned AI: How Hugging Face Became a Malware Distribution Platform
A fake OpenAI repo hit #1 trending on Hugging Face with 244K downloads in 18 hours. Here's every attack vector targeting AI model repositories — and how to defend against them.
The IT Guy Who Wasn't: How Attackers Walk Through Your Front Door
Physical social engineering is back — and the attacker doesn't have to be an IT guy. Learn how anyone with the right uniform and pretext can walk through your front door, and how organizations can fight back.