AI is quickly becoming part of how software is written, how teams search for information, how workflows get automated, and how decisions are supported. That makes AI both a productivity layer and a security layer. Cyfinoid’s AI research focuses on both sides at once: how organizations can use AI effectively, and how AI-enabled systems can introduce new trust, privacy, and security failures.
We are especially interested in the messy, real-world edge cases that appear when LLMs, copilots, agents, browser automation, internal knowledge, and external tools start getting connected together. Prompt injection, over-trusted agents, unsafe tool use, data leakage, weak review loops, and invisible automation boundaries all become part of the security problem.
This is an active and growing research area for us. Public material here will continue to expand as we turn experiments, notes, prototypes, and field observations into sharper tools, writeups, and training content.
What We Study
- Secure adoption of LLMs, copilots, and AI-assisted workflows
- Prompt injection, context poisoning, and tool-use abuse
- Agent security, orchestration boundaries, and over-permissioned automation
- Data leakage, privacy, and knowledge-boundary failures in AI systems
- Practical ways to use AI for analysis without removing human judgment
- Evaluation methods for determining whether AI workflows are actually safe and useful
Why This Matters
Many teams are adopting AI faster than they are defining trust boundaries around it. A model may not need to be “compromised” in the traditional sense for serious damage to happen. It may simply be connected to the wrong data, granted the wrong actions, or placed in a workflow that assumes too much.
We want to help organizations move beyond hype and fear. The real challenge is learning where AI genuinely improves outcomes, where it creates new attack surface, and what controls are needed if it is going to be trusted in development, operations, and security workflows.
Current Direction
- Research on AI-enabled workflow risk in engineering and security operations
- Practical guidance for safer use of LLMs and agents inside real teams
- Experiments that explore human-AI and multi-agent interaction models
- Security-oriented thinking around browser-based and privacy-conscious AI tooling
Early Public Signals
Council of AI Bots: an exploratory experiment in multi-agent interaction and structured AI reasoning- Ongoing work toward more practical public material around AI usage, agent behavior, and security implications
Who This Research Helps
- Security teams evaluating AI adoption inside their organizations
- Engineering teams integrating AI into developer workflows
- Leaders trying to separate meaningful AI capability from risky automation theater
- Researchers interested in the overlap between AI usage, trust, and security
If your team is trying to use AI without creating blind trust, hidden data exposure, or unsafe automation, this is one of Cyfinoid’s active research directions.
Community Contributions
Blogs
