Whitepapers, threat advisories, customer case studies, and the SkyDaemon blog. All open-access — no email required for downloads.
How SkyDaemon auto-populates Article 11 sections A–H from runtime telemetry, AI-BOM, and red-team evidence. Includes a worked example for a financial-services agent.
WHITEPAPERA consolidated taxonomy across OWASP LLM Top 10 (2025), OWASP ASI 2026, MITRE ATLAS, and the alignment / deception surface. Includes the SkyDaemon-original kill-chain framework.
WHITEPAPERMapping AI-specific findings into OCSF Detection Finding (class_uid 2004) so they drop into Splunk ES, Cortex XSIAM, Falcon NG-SIEM, AWS Security Lake out-of-the-box.
WHITEPAPERPer-action provenance proof — how to distinguish actions originating from authenticated user intent vs untrusted retrieved content. The SkyDaemon architecture for action-trust verification.
WHITEPAPERWhy cost-anomaly belongs in the SOC notable-event pipeline, not just FinOps. With detection thresholds, escalation patterns, and IR playbooks.
WHITEPAPERThree-tier detection architecture (native / multilingual / NMT-bridge), code-mixed handling (Hinglish, Spanglish), homoglyph and zero-width attack patterns.
Quarterly published threat advisories covering new attack patterns the SkyDaemon detection team has observed in customer telemetry. CVE-style identifiers; tracked vs MITRE ATLAS.
Attackers embedding directives in PDF /Title and /Author fields read by RAG ingest pipelines. Observed in 7 customer environments since March.
PA-2026-004The Riley-Goodside-style invisible-text attack hitting customer-support agents. SkyDaemon ships a strip-and-decode normalizer in detector pack 2026.04.
PA-2026-003Markdown-rendering chat clients (Slack, Teams) inadvertently fetching embedded image URLs that leak conversation context. Mitigation: outbound-link allow-list.
PA-2026-002Two known-good model uploads to a public registry contained pickle gadgets executing on .load(). The SkyDaemon model scanner adds detection in pack 2026.03.
PA-2026-001Anthropic-style sleeper-agent failure mode confirmed in two open-weight LoRA adapters. Detection via output-distribution KS-test against trigger candidates.
PA-2025-018Single hostile document tuned to be top-k for a wide query class. Cluster-outlier detection added to corpus-ingest scanner.
How customers are deploying SkyDaemon in production. Anonymized by request.
Health-claims agent stack on AWS Bedrock + LangChain. Annex IV bundle accepted as primary auditor evidence. SOC 2 Type II carve-out for AI controls.
HEALTHCAREPatient-triage agent using RAG over clinical guidelines. SkyDaemon caught indirect injection in two corpus documents and a misconfigured Bedrock guardrail in the first 24h.
RETAILCustomer-support agent fleet (12 agents, 3 LLM providers). SkyDaemon OCSF v1.3 stream into Splunk ES Premier — analysts triage AI findings with the same playbooks as EDR alerts.
Engineering deep-dives, product launches, and threat-intel posts.
Per-action provenance proof — how we trace every tool call back to the conversational segment that triggered it.
PRODUCTAdding sleeper-agent / sycophancy / sandbagging / eval-gaming detection. New LLM observability bridges to Langfuse, LangSmith, Arize, Galileo.
THREAT INTELWhat we found auditing 200+ public MCP servers. Reputation scoring methodology, plus the top 10 MCP servers we'd quarantine.
ENGINEERINGHow SkyDaemon translates internal finding rows into OCSF class_uid 2004 events. Code samples + Splunk dashboard pack.
COMPLIANCESection-by-section walkthrough of Article 11 + Annex IV. What SkyDaemon auto-populates vs what you still own.
RESEARCHThe eval harness, the corpus construction, and what we learned about Tier-3 NMT-bridge detection latency.