security 5
- The Model Wasn't Malicious, the Boundary Held Anyway
- The Signature Verified, the Authority Widened Anyway: Capability Serialization Attacks
- Capability Boundaries Have No Memory: Preventing AI Agent Data Exfiltration
- Prompt Injection Is an Authorization Bug: Capability-Bounded AI Agents
- OAuth 2.0 Device Authorization Grant Security (RFC 8628)