Offensive security for the swarm.
Independent security researcher — multi-agent & embodied AI.
Founder of MASec Lab: offensive tooling & audit methodology for the layer between agents.
maseclab.com · Blog · x.com/maseclab · HackerOne
Offensive security + agentic-AI safety. The industry is racing to test AI models; the riskier surface — how agents coordinate, delegate and act together — goes largely unexamined. I build the methodology and tooling for that layer, and publish it openly.
Single-agent safety doesn't compose. The boundary moved from the model to the protocol traffic between agents — that's where MASec Lab works.
| Project | Description |
|---|---|
| CyberAI — AI-native offensive platform | Specialist agents run recon, exploitation and reporting as one coordinated system. Native tool-calling, prompt-injection defence, cost/budget tracking, structured findings. MCP scanner that flags tool-poisoning offensively. |
| mas-sentry-toolkit — defensive audit (AGPL-3.0) | Audits agentic systems from the outside: A2A client, MCP audit, ABFP behavioural fingerprinting, unified threat engine. One Typer CLI, SARIF out. OWASP Agentic Top-10 (ASI01–ASI10) detectors. |
- ABFP — Agent Behavioural FingerPrint. Baseline an agent by how it acts across 6 dimensions; surface drift, hijack and impersonation as statistical deviations instead of predefined rules.
- HCAP — Hierarchical Capability & Attestation Protocol. Prove what an agent may do and where its authority came from, down a delegation chain. N-of-M quorum, confused-deputy detection.
- ASI mapping — findings mapped to the OWASP Agentic Top 10 for a shared, recognised taxonomy.
- phantom-grid — free Burp Collaborator alternative: OOB interaction capture (HTTP/HTTPS/DNS), SQLite store + exfil reassembly.
- phantom-intel — CVE threat-intelligence platform built on the NVD API 2.0.
- reality-probe — VLESS/Reality transport probing.
- The Layer Nobody Baselines — runtime behavioural detection for the MCP agent bus.
- Hunting MCP Tool Poisoning — malicious instructions hidden in tool metadata, and how CyberAI catches them.
- Agent-in-the-Middle — what's wrong with unsigned A2A agent cards.
- Why the coordination layer is the real attack surface — single-agent safety doesn't compose.
- OSCP+ track · active on PortSwigger / HackTheBox / TryHackMe
- Entering bug bounty — HackerOne · Bugcrowd · Intigriti
- Web3 audit stack: Foundry · Slither · Aderyn · Halmos · Echidna
The agentic frontier is shipping faster than anyone is testing it.