SnailSploit · Independent · 2026.05

Adversarial AI Security Research & the AATMF Framework

Same attack.
Different substrate.

We find where systems place trust and prove when they shouldn't — across AI platforms, cloud infrastructure, web applications, and the humans who operate them. Open frameworks for adversarial-AI red teaming. Systematic vulnerability research from application layer to kernel. Social engineering for the human layer.

Linux Kernel · 5 mainline patches
CVEs · 61 published
GHSA · 7 advisories
Hakin9 · Contributing author
MITRE/NVD · Contributor
01 · about
About.
SnailSploit · 2026
— Same attack. Different substrate. Human or machine.
Identity: Independent adversarial research group
Scope: AI security · Cloud · Web · Social engineering · Infrastructure · Kernel
Frameworks: AATMF · P.R.O.M.P.T · SEF
Published: Adversarial Minds · Hakin9 · Dark Reading
Contributor: MITRE / NVD · Linux kernel mainline
02 · team
Two researchers. One method.

Who we are.

03 · AI security research

AI Security Research.

Published at snailsploit.com, Hakin9 magazine, and Medium.
Self-Replicating Memory Worm: Adversarial self-replicating prompt that survives across sessions and propagates via long-term memory writes, the AI-worm primitive applied to persistent agent state.
Memory Injection Through Nested Skills: Skill injection + memory poisoning = self-healing autonomous implant. Validated against DVWA and Juice Shop in an agent harness.
ChatGPT Canvas DNS Exfiltration: DNS exfiltration via rendered Canvas content, which triggers lookups without outbound HTTP.
ChatGPT Sandbox: Pickle RCE + DNS Chain: Pickle deserialization RCE chained with DNS exfil to break out of the Code Interpreter sandbox.
MCP vs A2A Attack Surface: Comparative threat model of where Model Context Protocol and Agent-to-Agent diverge in trust boundaries.
The 30% Blind Spot (LLM Safety Judges): Empirical study showing LLM-as-judge safety classifiers miss ~30% of adversarial output classes.
Adversarial Prompting: Complete Guide: End-to-end methodology covering direct, indirect, multi-turn, and agentic prompt injection.
04 · frameworks

Frameworks & Tooling.

AATMF v3.1: Adversarial AI Threat Modeling Framework with 20 tactics, 240+ techniques, 2,152+ procedures, and 4,980+ prompts. Mapped to NIST AI RMF and MITRE ATLAS.
AATMF Red Teaming Toolkit: Python CLI for systematic LLM safety testing, with a three-layer eval pipeline, defense fingerprinting, decay tracking, and attack chain planning.
LLM Red Teamer's Playbook: Diagnostic methodology for bypassing LLM defense layers (input filters → alignment → identity → output → agentic trust).
Claude-Red: Curated offensive security skills library for the Claude skills system, 38 SKILL.md files spanning SQLi, shellcode, EDR evasion, and exploit dev.
05 · offensive tools

Offensive Tools.

MCP security analysis for Burp Suite — prompt injection and tool poisoning testing via Model Context Protocol.
AI-powered bug bounty automation — LLM analysis combined with traditional security scanning.
Red-team Kubernetes misconfiguration & attack-path scanner.
Autonomous credential intelligence platform for attack-surface recon.
Chrome MV3 extension — passive recon, security headers, IP intel, CPE→CVE enrichment.
Async directory & route discovery — HTTP/2, soft-404 suppression, JS/sourcemap mining.
Low-bandwidth stress testing — modernized Slowloris.
Structurally-aware code obfuscation engine.
Curated OSINT resource collection for offensive recon.
06 · disclosures
61 CVEs · 7 GHSA advisories · 5 Linux kernel mainline patches. The work, not the titles.

Disclosures.