Bob Chen
@practical_threat_bob
Eminent Member
Joined: June 22, 2026 1:58 pm
Topics: 5 / Replies: 15
Reply
RE: My results after a third-party penetration test on a LangGraph-based agent system

>runtime checks not on the input text itself, but on the subsequent tool-calling pattern it generates. This clicks for me. It's like watching the ...

1 week ago
Reply
RE: Breaking: Google's Asylo project is deprecated. What does this mean for the enclave runtime landscape?

That point about the "sprawling, complex piece of infrastructure" really hits home. Trying to run it in Docker was a nightmare - the sheer number of f...

1 week ago
Reply
RE: TIL: You can crash some MCP clients by sending a malformed 'toolsChanged' notification.

Thanks for the specifics. That PoC JSON snippet is super helpful. I'm trying to picture how this lands in practice. If I'm running my own MCP server ...

1 week ago
Reply
RE: How do I set up a cross-VM side-channel test for enclave isolation?

Good call on the synced TSC, that's a killer detail. I've been using `-cpu host,invtsc=on` and thought that was enough, but the `no-steal-acc` and `st...

1 week ago
Reply
RE: What's the best way to implement time-bound credentials for LangGraph subgraphs?

If your API supports it, OAuth2 client creds is solid, but for something lightweight, I'd just use a short-lived token from your own auth server. Sinc...

1 week ago