Research
Practitioner research.
Engagement-portfolio observations, structured benchmark evaluations, and decision-framework drafts that inform our work and (we hope) yours.
- Can a USB-Charging Device Steal Data? Lessons from the Sex Toy Malware Case
  A careful security analysis of the viral USB-charging gadget malware story, removable-media risk, BadUSB behavior, and practical controls for consumer IoT and corporate laptops.
- Dark Factories and Dark Logistics - The Cybersecurity Risk of Lights-Out Operations
  A threat model for automated factories and logistics sites where robots, WMS, MES, PLCs, AMRs, RFID, and cloud dashboards turn cyber incidents into physical downtime.
- IoT Supply-Chain Vulnerabilities — A Procurement and Architecture Framework for 2026
  A three-dimension Procurement Responsiveness Profile for IoT supply-chain risk decisions, with CWE-category methodology, vendor responsiveness analysis, and architectural guidance for connected-product teams.
- IoT Threat Landscape 2026 - Edge Devices Are Becoming Attacker Infrastructure
  A practitioner threat model for IoT risk in 2026: routers, DVRs, gateways, serial converters, RFID readers, and unmanaged edge devices as botnet, proxy, and lateral-movement infrastructure.
- MLPS Compliance Pathways for Overseas SaaS — A Structured Decision Framework
  Four-pathway taxonomy for overseas SaaS evaluating mainland-China market entry — direct, hosting-partner, overseas-served, and subsidiary structures with MLPS, PIPL, DSL implications.
- Prompt-Injection Defense Architecture — The Five-Family Posture Matrix
  A five-family defense taxonomy mapped to five deployment shapes — the Posture Matrix for prompt injection defense across consumer, enterprise, agentic, RAG, and high-authority LLM systems.
- TARA Quality Anti-Patterns — A Practitioner Catalog and Four-Question Review Protocol
  Seven recurring quality anti-patterns in ISO/SAE 21434 TARA execution, with cause, consequence, and remediation pattern for each — plus a four-question review protocol that surfaces most catalogued issues within an hour.
- The Five-Boundary Attack-Surface Taxonomy for LLM Applications
  A five-boundary taxonomy for production LLM application attack surface — input, retrieval, tool-integration, output, and persistence — with attack classes, defense families, engineering ownership, and cross-boundary scenarios.