Blog
Technical deep dives on AI agent security from the Ring Zero team.
How a Prompt Injection Attack Exfiltrated AWS Credentials — Step by Step
A step-by-step reconstruction of a prompt injection attack that read AWS credentials and staged them for exfiltration — and what the EDR saw vs. what it missed.
Why Your EDR Cannot See AI Agent Attacks
CrowdStrike, SentinelOne, and Microsoft Defender were built for human-initiated threats. AI agents create a fundamentally different attack surface that operates in the gap between application and kernel.
Kernel Signals That Matter for AI Agent Session Monitoring
Not all kernel events are equal for agent security. This guide covers which eBPF hooks, syscalls, and file access patterns actually matter — and which ones are noise.
CrowdStrike vs. Ring Zero: What Each One Sees During a Copilot Session
A side-by-side comparison of the telemetry CrowdStrike Falcon and Ring Zero produce during a live AI coding agent session — with a simulated prompt injection attack.
What SOC 2 Auditors Will Start Asking About Your AI Agents
SOC 2 audits are catching up to agentic AI deployments. Here's what auditors will ask, what evidence they'll expect, and why application-layer logs are not sufficient.
Provenance Graphs: Why Syscall Streams Are Not Enough for Agent Security
Event streams show what happened. Provenance graphs show why. Here's how Ring Zero reconstructs causal chains from kernel events to detect attacks that no individual alert would catch.