Weekly Links - 2026-W11

This week we have a lot of interesting topics, specially regarding AI attacks and the Use of AI for web vulnerability detection.

• XBOW IDOR Reasoning: A look into how XBOW uses autonomous reasoning to map object relationships and bypass authorization logic.

• MCP Server Attack Surface: Research into Model Context Protocol (MCP) servers acting as “machine-in-the-middle” vectors for RCE and data exfiltration.

• Tools: Julius (LLM Fingerprinting): Open Source LLM service fingerprinting tool from praetorian.

• Tools: Augustus (LLM Prompt Injection: Open Source LLM prompt injection tool from praetorian.

• Detecting Exposed LLM Servers: A Shodan Case Study on Ollama: A Cisco study on detecting Ollama servers using shodan API.

• AirSnitch: Demystifying and Breaking Client Isolation in Wi-Fi Networks: a paper on new classes of Wi-Fi networks attacks.