# authentication
標記為「authentication」的 20 篇文章
Agent Identity and Credential Theft
Exploiting how AI agents authenticate to external services -- credential theft through agent manipulation, MFA bypass, and impersonation attacks including BodySnatcher and CVE-2025-64106.
MCP Authentication Gaps: Securing MCP Server Authentication
A defense-focused guide to understanding authentication weaknesses in MCP server deployments -- 38% of scanned servers lack any authentication -- and implementing robust token-based auth, mTLS, and middleware-based access control.
MCP Authentication Bypass Techniques
Analysis of authentication and authorization bypass vectors in MCP server implementations including token replay and session hijacking.
MCP Authentication Bypass Techniques (Agentic Exploitation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
Security of AI-Generated API Endpoints
Analysis of security vulnerabilities in AI-generated REST and GraphQL API code, covering authentication bypass, BOLA, mass assignment, and rate limiting failures.
The AI API Ecosystem
A red teamer's guide to the AI API landscape — OpenAI, Anthropic, Google, AWS, Azure, open-source APIs, authentication patterns, and common security misconfigurations.
LLM API Security Testing
Security testing methodology for LLM APIs, covering authentication, rate limiting, input validation, output filtering, and LLM-specific API vulnerabilities.
Authentication & Session Attacks
Methodology for bypassing authentication, extracting API keys, manipulating session state, exploiting cross-session data leakage, and escalating privileges in LLM-powered applications.
MLflow Attack Surface
Security analysis of MLflow: tracking server authentication weaknesses, artifact store access control, model registry tampering, SQL injection in tracking queries, and exploitation techniques for both open-source and managed deployments.
AI API Red Team Engagement
Complete walkthrough for testing AI APIs: endpoint enumeration, authentication bypass, rate limit evasion, input validation testing, output data leakage, and model fingerprinting through API behavior.
代理 Identity and Credential Theft
利用ing how AI agents authenticate to external services -- credential theft through agent manipulation, MFA bypass, and impersonation attacks including BodySnatcher and CVE-2025-64106.
MCP Authentication Gaps: Securing MCP Server Authentication
A defense-focused guide to understanding authentication weaknesses in MCP server deployments -- 38% of scanned servers lack any authentication -- and implementing robust token-based auth, mTLS, and middleware-based access control.
MCP Authentication Bypass Techniques
Analysis of authentication and authorization bypass vectors in MCP server implementations including token replay and session hijacking.
MCP Authentication Bypass Techniques (代理式 利用ation)
Bypassing MCP server authentication and authorization mechanisms through token manipulation and scope abuse.
安全 of AI-Generated API Endpoints
Analysis of security vulnerabilities in AI-generated REST and GraphQL API code, covering authentication bypass, BOLA, mass assignment, and rate limiting failures.
AI API 生態系
紅隊員之 AI API 生態系指南——OpenAI、Anthropic、Google、AWS、Azure、開源 API、身分驗證模式,與常見安全錯誤組態。
LLM API 安全
大型語言模型 API 的安全——涵蓋認證、速率限制、輸入驗證、輸出過濾與 API 特定攻擊向量。
身分驗證與會話攻擊
繞過身分驗證、提取 API 金鑰、操弄會話狀態、利用跨會話資料洩漏,與於 LLM 驅動應用升級特權之方法論。
MLflow 攻擊 Surface
安全 analysis of MLflow: tracking server authentication weaknesses, artifact store access control, model registry tampering, SQL injection in tracking queries, and exploitation techniques for both open-source and managed deployments.
AI API 紅隊 Engagement
Complete walkthrough for testing AI APIs: endpoint enumeration, authentication bypass, rate limit evasion, input validation testing, output data leakage, and model fingerprinting through API behavior.