Archive - Next Kick Labs

CyberSecEval on a Consumer GPU: What My Local Setup Could Actually Measure

A local CyberSecEval lab shows why response fields, harness state, and server configuration matter as much as model scores.

Jun 10 • Fernando Lucktemberg

In AI Vulnerability Research, the Pipeline Is Becoming the Product

Open-source AI vulnerability research tooling now covers discovery, proof construction, patching, triage, and evaluation, but verifiable pipelines…

Jun 3 • Fernando Lucktemberg

May 2026

When the Research Tool and the Attack Tool Are the Same System

AI agents are now automating exploit chain construction at production scale. Learn how this shifts the economics of vulnerability triage and…

May 26 • Fernando Lucktemberg

Treat Coding Agents as Privileged Build Participants

Coding agents are now tool-using systems with repository access. Learn how to secure the agentic runtime and protect your software supply chain.

May 21 • Fernando Lucktemberg

Detecting Shadow AI in the Enterprise: The MCP stdio Gap

Close the detection gap for Shadow AI. Learn why the Model Context Protocol stdio transport bypasses CASBs and how to use endpoint telemetry for…

May 19 • Fernando Lucktemberg

The Three-Day Breach: The AI Security Gap That Isn't About Prompt Injection

A fictional composite incident exploring how machine-speed AI agents bypass traditional security detection. Learn why the detection tempo gap is more…

May 14 • Fernando Lucktemberg

Orchestrator-to-Orchestrator Is the Next Agentic Trust Boundary

Orchestrator-to-Orchestrator (O2O) delegation creates a new class of third-party risk. This article explores how to secure agent handoffs and horizontal…

May 12 • Fernando Lucktemberg

Runaway Agents: The Authority Boundary Problem in AI Security

Discover why runaway AI is an authority-boundary problem. Learn how tool-using agents exploit sandboxes and evaluators, and how to harden the control…

May 7 • Fernando Lucktemberg

AI Agent Memory Poisoning: The new AI-to-AI persistence risk

Explore how AI agents propagate malicious state through shared memory and messages. Learn about inter-agent trust exploitation and defensive memory…

May 5 • Fernando Lucktemberg

April 2026

Distillation at the Projection Layer: The Industrialized Theft of AI Models

Learn how competitors use knowledge distillation and projection layer extraction to clone frontier AI models. Discover the defenses that work and the…

Apr 30 • Fernando Lucktemberg

Autonomous AI-to-AI Jailbreaking: The New Security Frontier

Discover how reasoning models are automating AI jailbreaking with a 97% success rate. Learn why current defenses fail against autonomous, adaptive AI…

Apr 28 • Fernando Lucktemberg

Prompt Injection - The AI Agent Attack Surface

If your AI agent reads external content, whoever controls that content controls your agent. Explore the structural reality of indirect prompt injection.

Apr 23 • Fernando Lucktemberg

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts