AI Threat Research & Intelligence
800px
20px
150px
1px
Who We Are

Pillar has assembled the world's brightest minds from military intelligence and enterprise security to dismantle emerging threats in the new AI landscape. Our team’s expertise fuses deep offensive roots in traditional security (AppSec, Cloud, OS, Malware) with Frontier AI disciplines (Data Science, AI, Machine Learning). This hybrid DNA allows us to deconstruct complex attacks that cross the boundary between code, infrastructure, and autonomous systems.

What we do
What we do

Adversarial AI Research

Dissects Foundation Models and agents to identify zero-day vulnerabilities, novel jailbreaks, and prompt injection techniques.

Threat Intelligence

Monitors the wild for emerging trends in how attackers are weaponizing AI, delivering proactive insights rather than reactive alerts.

Red Teaming Operations

Simulates sophisticated attacks on AI pipelines to validate defenses and expose logic gaps that standard tools miss.

Architecting Enterprise Defense

Translates research into product capabilities, building next-gen features like the Safe MCP Registry and integrated Threat Intel feeds to secure the future of AI work.

Open Source & Supply Chain Security

Actively hunts for vulnerabilities in the open-source AI ecosystem—from coding agents to model hubs—to harden the community tools that enterprises rely on.

Our Work

Our research team have identified & reported security vulnerabilities in the most popular coding agents, IDEs, model hubs and agentic workflow platforms.

Latest Research:
What we discovered
Prompt Injection leads to RCE and Sandbox Escape in Antigravity
tl;dr

Pillar Security researchers have uncovered a vulnerability in Antigravity, Google's agentic IDE. This technique exploits insufficient input sanitization of the find_by_name tool's Pattern parameter, allowing attackers to inject command-line flags into the underlying fd utility, converting a file search operation into arbitrary code execution.

full Research

By injecting the -X (exec-batch) flag through the Pattern parameter, an attacker can force fd to execute arbitrary binaries against workspace files. Combined with Antigravity's ability to create files as a permitted action, this enables a full attack chain...

By

Dan Lisichkin

read now
Diagram showing functions including get_ticket_status, search_tickets, update_ticket_status, provide_troubleshooting, and fetch_website, highlighting fetch_website as the root cause of prompt injection due to fetching untrusted content from URLs, with a suggested fix to isolate untrusted data and allowlist trusted domains using Adaptive Guardrails.
More AI vulnerability research
read all
RESEARCH

AI Coding Tools Under Fire: Mapping the Malvertising Campaigns Targeting the Vibe Coding Ecosystem

Eilon Cohen

and

RESEARCH

Hackerbot-Claw: Adversarial Agent Targets Top GitHub Repos

Eilon Cohen

and

RESEARCH

Zero Click Unauthenticated RCE in n8n: A Contact Form That Executes Shell Commands

Eilon Cohen

and

read all

Meet the Pillar Research Team

Schedule a deep dive with the Pillar research team to learn about our latest research and findings. Get direct access to our experts and hear about the most novel attacks we are seeing in the wild

Thank you!
Oops! Something went wrong while submitting the form.
Pillar Security
COMPANY
About Us
Newsroom
Partners
Careers
Trust Center
PLATFORM
AI Discovery & Posture
Red Teaming & Attack Surface Exposure
Attack Surface Exposure
Runtime Guardrails
Governance & Compliance
solutions
Homegrown AI
Agentic Endpoint
AI Gateway security
MCP & Tool Security
Agentic AI Security
Embedded-AI
RESOURCES
Blog
Pillar Research
SAIL Framework
The State of
Attacks on GenAI
Thank you!
Your submission has been received!
Oops! Something went wrong while submitting the form.

© 2026 Pillar. All rights reserved.

Terms & ConditionsPrivacy policy