Mixed-Trust Prompt Injection
A toy agent that receives system instructions, user goals, retrieved documents, and tool outputs. The lab shows how hostile data becomes operational instruction.
Reproducible studies
Labs
Labs turn claims into small systems. Each one should expose a concrete failure mode, a trace of what happened, and a design alternative.
Memory Poisoning With Rollback
A memory store with snapshots, provenance labels, and controlled rollback. The point is to show why agent memory behaves like application state.
MCP Tool Metadata Poisoning
A minimal protocol-style tool registry where metadata and descriptions can influence agent behavior before the tool is even called.
Kubernetes Tool Isolation
Namespaces, service accounts, network policies, and secrets used to constrain which tools an agent workload can reach.
Reentrancy and Agent Tool Loops
A side-by-side failure study comparing smart contract reentrancy with recursive or uncontrolled agent tool invocation.