Skip to content
snailsploit[$]Adversarial · Research
live
SnailSploit
Independent
2026.05

Adversarial AI Security Research & the AATMF Framework

Same attack.
Different substrate.

We find where systems place trust and prove when they shouldn't — across AI platforms, cloud infrastructure, web applications, and the humans who operate them. Open frameworks for adversarial-AI red teaming. Systematic vulnerability research from application layer to kernel. Social engineering for the human layer.

engage services →explore the AATMF framework
Linux Kernel · 5 mainline patchesCVEs · 66 publishedGHSA · 4 advisoriesVendor acks · 8Hakin9 · Contributing authorMITRE/NVD · Contributor
01 · AI security research

AI Security Research.

All research →
published at snailsploit.com, hakin9 magazine, medium.
AI Red-Teaming Frameworks, ComparedAATMF vs MITRE ATLAS vs NIST AI RMF vs Google SAIF — what each is actually for, side by side.
Self-Replicating Memory WormAdversarial self-replicating prompt that survives across sessions and propagates via long-term memory writes — the AI-worm primitive applied to persistent agent state.
Memory Injection Through Nested SkillsSkill injection + memory poisoning = self-healing autonomous implant. Validated against DVWA and Juice Shop in agent harness.
ChatGPT Canvas DNS ExfiltrationDNS exfiltration via rendered Canvas content — triggers lookups without outbound HTTP.
Weaponized AI Supply ChainHow threat actors turned LLMs into attack infrastructure — from poisoned model to delivered payload.
MCP vs A2A Attack SurfaceComparative threat model: where Model Context Protocol and Agent-to-Agent diverge in trust boundaries.
The 30% Blind Spot — LLM Safety JudgesEmpirical study showing LLM-as-judge safety classifiers miss ~30% of adversarial output classes.
Adversarial Prompting: Complete GuideEnd-to-end methodology covering direct, indirect, multi-turn, and agentic prompt injection.
02 · frameworks

Frameworks & Tooling.

All frameworks →
AATMF v3.1Adversarial AI Threat Modeling Framework — 15 tactics, 240+ techniques, 2,152+ procedures, 4,980+ prompts. Mapped to NIST AI RMF and MITRE ATLAS.
AATMF Red Teaming ToolkitPython CLI for systematic LLM safety testing — three-layer eval pipeline, defense fingerprinting, decay tracking, attack chain planning.
LLM Red Teamer's PlaybookDiagnostic methodology for bypassing LLM defense layers — input filters → alignment → identity → output → agentic trust.
Claude-RedCurated offensive security skills library for the Claude skills system — 38 SKILL.md files spanning SQLi, shellcode, EDR evasion, exploit dev.
03 · Offensive tools

Offensive Tools.

All tools (incl. GitHub) →
MCP security analysis for Burp Suite — prompt injection and tool poisoning testing via Model Context Protocol.
AI-powered bug bounty automation — LLM analysis combined with traditional security scanning.
Red-team Kubernetes misconfiguration & attack-path scanner.
Autonomous credential intelligence platform for attack-surface recon.
Chrome MV3 extension — passive recon, security headers, IP intel, CPE→CVE enrichment.
Async directory & route discovery — HTTP/2, soft-404 suppression, JS/sourcemap mining.
Low-bandwidth stress testing — modernized Slowloris.
Structurally-aware code obfuscation engine.
Curated OSINT resource collection for offensive recon.
04 · about
About.
SnailSploit · 2026
We find where systems place trust and prove when they shouldn't — across AI platforms, cloud infrastructure, web applications, and the humans who operate them. Open frameworks for adversarial-AI red teaming. Systematic vulnerability research from application layer to kernel. Social engineering for the human layer.
— Same attack. Different substrate. Human or machine.
Identity
Independent Adversarial · Research group
Scope
AI security · Cloud · Web · Social engineering · Infrastructure · Kernel
Frameworks
AATMF · P.R.O.M.P.T · SEF
Published
Adversarial Minds · Hakin9 · Dark Reading
Contributor
MITRE / NVD · Linux kernel mainline
05 · team
Three researchers. One method.

Who we are.

06 · disclosures
69 CVEs · 4 GHSA advisories · 5 Linux kernel mainline patches · 8 vendor acknowledgments. The work, not the titles.

Disclosures.

Vendor acknowledgments · 8
Sahar Shlichove →
Apple · IBM · Palo Alto Networks · Red Hat · Broadcom · Apache · ONA · Israel National Cyber Directorate
Named, verifiable security acknowledgments — vulnerabilities found and responsibly disclosed across vendors' own codebases and infrastructure.
the book · free
Adversarial Minds.

The thesis behind everything we publish — why the same attack works on a human and a language model. The complete book, no gate, no email.

download the PDF ↓about the book →