<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Sam Wallace | Security Research</title>
    <link>https://samwallace.dev/</link>
    <atom:link href="https://samwallace.dev/rss.xml" rel="self" type="application/rss+xml" />
    <description>Application security, penetration testing, and vulnerability research, plus interactive walkthroughs of AI agent security, OAuth, and MCP.</description>
    <language>en-us</language>
    <managingEditor>Sam Wallace</managingEditor>
    <webMaster>Sam Wallace</webMaster>
    <lastBuildDate>Sun, 28 Jun 2026 12:00:00 GMT</lastBuildDate>
    <generator>scripts/generate-rss.mjs</generator>
    <item>
      <title>The MCP Gateway</title>
      <link>https://samwallace.dev/mcp-gateway</link>
      <guid isPermaLink="true">https://samwallace.dev/mcp-gateway</guid>
      <pubDate>Sun, 28 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Architecture</category>
      <description>Should an MCP server proxy your existing APIs, or go straight to the database? The MCP governance layer, with code: wrapping existing APIs, the catch with direct-to-DB MCPs, and how it scales across enterprise teams.</description>
    </item>
    <item>
      <title>The OAuth Handshake</title>
      <link>https://samwallace.dev/oauth</link>
      <guid isPermaLink="true">https://samwallace.dev/oauth</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Identity</category>
      <description>The friendly overview of OAuth 2.0 and OpenID Connect: the four roles, how delegated access works (code, then token, then API call), and where identity fits. The on-ramp to the PKCE and token-exchange deep dives.</description>
    </item>
    <item>
      <title>The Agent Attack Surface</title>
      <link>https://samwallace.dev/pipeline</link>
      <guid isPermaLink="true">https://samwallace.dev/pipeline</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Threat model</category>
      <description>The AI agent attack surface, end to end. Toggle threats and defenses across the whole pipeline (RAG injection, the lethal trifecta, tool poisoning, excessive agency, output handling, memory poisoning, guardrail bypass) and watch the blast radius change.</description>
    </item>
    <item>
      <title>Why Jailbreaks Work</title>
      <link>https://samwallace.dev/jailbreak</link>
      <guid isPermaLink="true">https://samwallace.dev/jailbreak</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · AI security</category>
      <description>Why jailbreaks and system-prompt extraction work: your input reshapes the model&apos;s next-token probabilities, so a refusal is only ever the most likely response, never a guaranteed one. Stack techniques and watch the meter flip.</description>
    </item>
    <item>
      <title>Inside the Sandbox</title>
      <link>https://samwallace.dev/sandbox</link>
      <guid isPermaLink="true">https://samwallace.dev/sandbox</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Isolation</category>
      <description>How scoping an agent&apos;s executor, not just its token, stops a hijacked tool call. Watch the same confused-deputy attack hit a sandbox boundary, then sail through with ambient root.</description>
    </item>
    <item>
      <title>The Tool-Call Loop</title>
      <link>https://samwallace.dev/toolcall</link>
      <guid isPermaLink="true">https://samwallace.dev/toolcall</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Function calling</category>
      <description>What &quot;function calling&quot; actually does: the model proposes a structured call, your runtime validates it against a JSON Schema and decides whether to run it. Includes parallel calls and the security boundary.</description>
    </item>
    <item>
      <title>The Token Budget</title>
      <link>https://samwallace.dev/context</link>
      <guid isPermaLink="true">https://samwallace.dev/context</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · Tokens</category>
      <description>Where an LLM&apos;s token budget really goes (system prompt, tool defs, history, RAG), and how compaction reclaims space when the window fills up.</description>
    </item>
    <item>
      <title>Authorizing MCP</title>
      <link>https://samwallace.dev/mcpauth</link>
      <guid isPermaLink="true">https://samwallace.dev/mcpauth</guid>
      <pubDate>Sat, 27 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · OAuth 2.1</category>
      <description>An interactive, click-through walkthrough of MCP authorization: how a client goes from a 401 to a scoped access token using OAuth 2.1, PKCE, dynamic client registration, and resource indicators (RFC 8707/9728).</description>
    </item>
    <item>
      <title>Token Exchange Visual</title>
      <link>https://samwallace.dev/obo</link>
      <guid isPermaLink="true">https://samwallace.dev/obo</guid>
      <pubDate>Mon, 01 Jun 2026 12:00:00 GMT</pubDate>
      <category>Interactive · OAuth</category>
      <description>An interactive, click-through walkthrough of OAuth 2.0 Token Exchange (RFC 8693) on behalf of, for web apps, MCP servers, and agents. Watch which token goes where, step by step.</description>
    </item>
    <item>
      <title>Stop Giving Your AI Root</title>
      <link>https://samwallace.dev/research/stop-giving-your-ai-root</link>
      <guid isPermaLink="true">https://samwallace.dev/research/stop-giving-your-ai-root</guid>
      <pubDate>Sat, 25 Apr 2026 12:00:00 GMT</pubDate>
      <category>BSidesKC · Talk</category>
      <description>We hand AI agents API keys, OAuth tokens, and tool execution rights, then hope it works out. A defense-in-depth take on clawing control back: scoped cross-app access, input and output guardrails, and sandboxed execution.</description>
    </item>
    <item>
      <title>CVE-2026-27699</title>
      <link>https://samwallace.dev/research/cve-2026-27699</link>
      <guid isPermaLink="true">https://samwallace.dev/research/cve-2026-27699</guid>
      <pubDate>Mon, 23 Feb 2026 12:00:00 GMT</pubDate>
      <category>Critical 9.1 · basic-ftp</category>
      <description>Path traversal (CWE-22) in basic-ftp&apos;s downloadToDir(). A malicious FTP server sends filenames with ../ and the client writes files outside the download directory. Critical, fixed in 5.2.0.</description>
    </item>
    <item>
      <title>AI in CyberSecurity: How to be a 10x Engineer</title>
      <link>https://samwallace.dev/research/ai-in-cybersecurity-how-to-be-a-10x-engineer</link>
      <guid isPermaLink="true">https://samwallace.dev/research/ai-in-cybersecurity-how-to-be-a-10x-engineer</guid>
      <pubDate>Mon, 23 Oct 2023 12:00:00 GMT</pubDate>
      <category>Talk · AI</category>
      <description>How to use AI as a 10x force multiplier. A hands-on tour of building LLM apps with LangChain, with examples anyone can copy.</description>
    </item>
    <item>
      <title>Can AI empowered open source tools compete with their premium counterparts?</title>
      <link>https://blog.dispareosecurity.com/can-ai-empowered-open-source-tools-compete-with-their-premium-counterparts-guest-blog-9683c3df71e5</link>
      <guid isPermaLink="true">https://blog.dispareosecurity.com/can-ai-empowered-open-source-tools-compete-with-their-premium-counterparts-guest-blog-9683c3df71e5</guid>
      <pubDate>Tue, 28 Mar 2023 12:00:00 GMT</pubDate>
      <category>AI</category>
      <description>Guest blog post on the Dispareo Security blog!</description>
    </item>
    <item>
      <title>DOM XSS: Skimming Credit Cards</title>
      <link>https://samwallace.dev/research/dom-xss-skimming-credit-cards</link>
      <guid isPermaLink="true">https://samwallace.dev/research/dom-xss-skimming-credit-cards</guid>
      <pubDate>Fri, 03 Mar 2023 12:00:00 GMT</pubDate>
      <category>XSS</category>
      <description>Skimming credit cards by exploiting a DOM XSS vulnerability in a React application. This is for educational purposes only.</description>
    </item>
    <item>
      <title>Harvesting Emails with Expired Garmin LiveTrack Sessions</title>
      <link>https://samwallace.dev/research/harvesting-emails-with-expired-garmin-livetrack-sessions</link>
      <guid isPermaLink="true">https://samwallace.dev/research/harvesting-emails-with-expired-garmin-livetrack-sessions</guid>
      <pubDate>Sat, 31 Dec 2022 12:00:00 GMT</pubDate>
      <category>CVE-2022-46081</category>
      <description>In Garmin Connect 4.61, terminating a LiveTrack session did not stop the LiveTrack API from continuing to expose private personal information.</description>
    </item>
    <item>
      <title>Stored XSS in GMS 1.0</title>
      <link>https://samwallace.dev/research/stored-xss-in-gms-1-0</link>
      <guid isPermaLink="true">https://samwallace.dev/research/stored-xss-in-gms-1-0</guid>
      <pubDate>Mon, 12 Dec 2022 12:00:00 GMT</pubDate>
      <category>CVE-2022-41358</category>
      <description>Garage Management System relies on client-side validation to prevent XSS. Using Burp, a request can be modified and replayed to the server, bypassing this validation and creating an avenue for XSS.</description>
    </item>
    <item>
      <title>Garmin White Hat Hacker</title>
      <link>https://samwallace.dev/research/garmin-white-hat-hacker</link>
      <guid isPermaLink="true">https://samwallace.dev/research/garmin-white-hat-hacker</guid>
      <pubDate>Sat, 01 Jan 2022 12:00:00 GMT</pubDate>
      <category>Recognition</category>
      <description>Garmin credited me as a white hat for reporting a LiveTrack privacy bug (CVE-2022-46081).</description>
    </item>
  </channel>
</rss>
