AI Threat Research & Intelligence
800px
20px
150px
1px
Who We Are

Pillar has assembled the world's brightest minds from military intelligence and enterprise security to dismantle emerging threats in the new AI landscape. Our team’s expertise fuses deep offensive roots in traditional security (AppSec, Cloud, OS, Malware) with Frontier AI disciplines (Data Science, AI, Machine Learning). This hybrid DNA allows us to deconstruct complex attacks that cross the boundary between code, infrastructure, and autonomous systems.

What we do
What we do

Adversarial AI Research

Dissects Foundation Models and agents to identify zero-day vulnerabilities, novel jailbreaks, and prompt injection techniques.

Threat Intelligence

Monitors the wild for emerging trends in how attackers are weaponizing AI, delivering proactive insights rather than reactive alerts.

Red Teaming Operations

Simulates sophisticated attacks on AI pipelines to validate defenses and expose logic gaps that standard tools miss.

Architecting Enterprise Defense

Translates research into product capabilities, building next-gen features like the Safe MCP Registry and integrated Threat Intel feeds to secure the future of AI work.

Open Source & Supply Chain Security

Actively hunts for vulnerabilities in the open-source AI ecosystem—from coding agents to model hubs—to harden the community tools that enterprises rely on.

Our Work

Our research team have identified & reported security vulnerabilities in the most popular coding agents, IDEs, model hubs and agentic workflow platforms.

Latest Research:
What we discovered
My Agentic Trust Issues: From Prompt Injection to Supply-Chain Compromise on gemini-cli
tl;dr

Pillar Security researchers identified a CVSS 10 critical vulnerability (dubbed TrustIssues) in Google's AI powered GitHub workflows that allowed any external attacker, with nothing more than a public GitHub issue, to a full supply chain compromise of the gemini-cli repository, Google's AI coding agent with 101,000+ stars.

full Research

The critical severity rating reflects a specific bypass our researcher Dan Lisichkin identified inside Gemini CLI itself. The strategic impact is what that vulnerability enabled: a complete supply-chain compromise of Google's gemini-cli repository.

Smiling young man in a light pink hoodie standing on a seaside boardwalk with blurred beach and people in the background.

By

Dan Lisichkin

read now
Diagram showing functions including get_ticket_status, search_tickets, update_ticket_status, provide_troubleshooting, and fetch_website, highlighting fetch_website as the root cause of prompt injection due to fetching untrusted content from URLs, with a suggested fix to isolate untrusted data and allowlist trusted domains using Adaptive Guardrails.
More AI vulnerability research
read all
RESEARCH

AI Coding Tools Under Fire: Mapping the Malvertising Campaigns Targeting the Vibe Coding Ecosystem

Eilon Cohen

and

RESEARCH

Hackerbot-Claw: Adversarial Agent Targets Top GitHub Repos

Eilon Cohen

and

RESEARCH

Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands

Eilon Cohen

and

read all

Meet the Pillar Research Team

Schedule a deep dive with the Pillar research team to learn about our latest research and findings. Get direct access to our experts and hear about the most novel attacks we are seeing in the wild

Thank you!
Oops! Something went wrong while submitting the form.
Pillar Security
COMPANY
About Us
Newsroom
Partners
Careers
Trust Center
PLATFORM
AI Discovery & Posture
Red Teaming & Attack Surface Exposure
Attack Surface Exposure
Runtime Guardrails
Governance & Compliance
solutions
Homegrown AI
Agentic Endpoint
AI Gateway security
MCP & Tool Security
Agentic AI Security
Embedded-AI
RESOURCES
Blog
Pillar Research
SAIL Framework
The State of
Attacks on GenAI
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.

© 2026 Pillar. All rights reserved.

Terms & ConditionsPrivacy policy