MLSecOps Research Lab
A purpose-built environment for discovering vulnerabilities in AI/ML systems — not the models themselves, but the infrastructure that connects them to the real world: agent chains, tool servers, RAG pipelines, and the trust boundaries between them.
01 The Loop
The lab operates as a continuous feedback loop: build tools that test AI agent infrastructure for security flaws, hunt vulnerabilities against real targets to ground those tools in reality, then write detection rules that catch the attacks. Each track feeds the others. If something doesn't connect to this loop, it shouldn't be here.
02 Architecture
Logical capability layers — what the lab does, not how it's wired. Click a layer to expand, hover nodes for details.
03 Capability Areas
AI/ML Target Environment
Local inference servers, retrieval-augmented generation pipelines, MCP tool servers, and multi-agent chains — deployed as attack targets with full instrumentation.
Attack Execution
Two custom tool programs targeting distinct attack surfaces. CounterAgent tests the protocol and system layer — MCP server scanning, traffic interception, and agent trust boundaries. The Canary program tests the content and supply chain layer — indirect prompt injection, coding assistant context poisoning, and RAG retrieval hijacking.
Telemetry & Detection
SIEM correlation, network telemetry, and detection rule authoring in Sigma and YARA. If an attack works, the next step is proving it can be caught.
Malware Analysis
Network-isolated analysis environment for reverse engineering suspicious artifacts — model files, compromised packages, and supply chain payloads.
04 Cloud Extensions
The lab scales beyond home infrastructure when research demands it.
| Capability | Purpose |
|---|---|
| GPU Compute | Dedicated GPU instances for model-heavy experimentation and fine-tuning beyond local capacity. |
| Notebooks | Cloud notebook environments with accelerator access for rapid prototyping and model analysis. |
| Cloud Infrastructure | External-facing deployments for testing attacks that require public exposure or remote infrastructure. |
05 Research Methodology
Hypothesis-driven investigation. Every research effort follows this sequence:
Artifacts include CVEs, detection rules, tools, and published findings. Negative results are documented — what didn't work matters as much as what did.
🔒 What's Not Shown
Network topology, hardware specifications, service versions, credentials infrastructure, and detection rule logic are intentionally omitted. This page describes what the lab does, not how it's wired.