Author
Security research at Jiffy Labs
The Jiffy Research Team investigates security risks in AI artifacts — skills, MCP servers, IDE rule files, agents.md, and agent configurations — across public registries and in design-partner deployments. We publish findings, detection rules, and remediation guidance as we discover them.
The CSA, SANS, and OWASP GenAI just told CISOs to become Mythos-ready. Their brief is the best strategy document the industry has produced on the post-Mythos threat environment. It focuses on the code and vulnerability side. The artifact side -- skills, MCP servers, rule files -- is the adjacent surface that needs the same treatment.
The detection pipeline end to end -- signatures, heuristics, sandboxed execution, cross-ecosystem dedupe, and scoring. What runs where, and why.
The OWASP LLM Top 10 is a runtime framework. It does not cover the persistent artifacts that ship capability to agents. Here is the map between the two and where each one's responsibility ends.
IDE rule files grant persistent capability to every AI agent that touches the repo. They are rarely code-reviewed. Here are the attack patterns and the detection signatures.
Notes on a cross-registry audit of Anthropic Skills. Credential exfiltration, tool-call smuggling, and silent network calls are the dominant issue classes. Here is the taxonomy.
What Model Context Protocol is, why the servers are uniquely risky, and how to assess one in under ten minutes. With concrete detection signatures.
Skills, MCP servers, .cursorrules, and agents.md are the new untrusted dependencies. Treat them like npm circa 2018: untrusted by default, scanned on ingest, pinned on use.
