@akoffsec

Adithyan Arun Kumar

@akoffsec

Security Engineer - AI

San FranciscoJoined March 2025

About

Nothing here yet.

Available for

Nothing here yet.

Adithyan Arun Kumar's blogs

Adithyan's Blogadithyanak.com6 posts

Articles Threads Comments

Recently published

AAAdithyan Arun Kumaradithyanak.com

Remote Code Execution in Inspect AI (UK AISI)

May 16 · 3 min read · Summary The math() scorer in inspect_ai extracts content from LaTeX \boxed{...} in model output and passes it to SymPy's parse_expr. SymPy tokenizes input as Python and evaluates it — expressions like

Join discussion

AAAdithyan Arun Kumaradithyanak.com

Remote Code Execution via unrestricted `eval()` in TruLens

May 16 · 3 min read · Summary TruLens calls Python's eval() builtin on the raw string returned by an LLM provider at src/feedback/trulens/feedback/llm_provider.py:2714. The intent is to parse a Python list literal, but eva

Join discussion

AAAdithyan Arun Kumaradithyanak.com

Context-Level Secret Isolation for AI Coding Agents with Agentmask

Apr 6 · 5 min read · Once a secret enters the agent's context window, the attack surface is wide open: Prompt injection via external tools - a compromised MCP server, a malicious package README, or a crafted API response

Join discussion

AAAdithyan Arun Kumaradithyanak.com

RAGAS v.0.2.14 Arbitrary File Read Vulnerability

Apr 1, 2025 · 5 min read · The Arbitrary File Read in RAGAS was introduced in multimodal eval support feature of release v0.2.3. This vulnerability affects all the versions from v0.2.3 to v0.2.14 (latest) The vulnerability arises because URL provided in retrieved_contexts is i...

Join discussion

AAAdithyan Arun Kumaradithyanak.com

Stealthy PowerShell Shellcode Execution: Diskless Techniques with UnsafeNativeMethods

Mar 31, 2025 · 3 min read · PowerShell is a versatile scripting language commonly used for system administration, automation, and penetration testing. In certain scenarios, executing shellcode in memory without touching the disk can be advantageous, especially for evading detec...

Join discussion

Adithyan Arun Kumar

About

Available for

Adithyan Arun Kumar's blogs

Recently published

Remote Code Execution in Inspect AI (UK AISI)

Remote Code Execution via unrestricted `eval()` in TruLens

Context-Level Secret Isolation for AI Coding Agents with Agentmask

RAGAS v.0.2.14 Arbitrary File Read Vulnerability

Stealthy PowerShell Shellcode Execution: Diskless Techniques with UnsafeNativeMethods

Search Hashnode

Adithyan Arun Kumar

About

Available for

Adithyan Arun Kumar's blogs

Recently published

Remote Code Execution in Inspect AI (UK AISI)

Remote Code Execution via unrestricted `eval()` in TruLens

Context-Level Secret Isolation for AI Coding Agents with Agentmask

RAGAS v.0.2.14 Arbitrary File Read Vulnerability

Stealthy PowerShell Shellcode Execution: Diskless Techniques with UnsafeNativeMethods