AI Security Hub


About & Methodology

What this Hub is, how we source and classify intelligence, and how we keep editorial coverage independent of sponsorship.

What this is

The Agentic AI Cybersecurity Intelligence Hub tracks agentic-AI and AI-cybersecurity threats and hosts an authoritative CISO reference framework for securing agentic AI and Model Context Protocol (MCP) deployments. It is built for boards and the C-suite, CISOs, and the security engineers who implement the controls.

This is a Phase 0 prototype. Every threat item shown is illustrative sample data written for the prototype — there is no live ingestion yet.

How we source

We monitor vendor advisories, CVE feeds, national-CERT and CISA guidance, OWASP and academic research, and reputable security reporting. We prize authority over volume: items are curated and de-duplicated rather than aggregated wholesale.

  • We summarise every item in our own words and link out to the original sources — we never reproduce third-party article text.
  • We frame threats and controls around identity, permissions, and blast radius.
  • Each item maps to one or more of the eight framework pillars.

How we classify

Items carry a severity, a threat type (vulnerability, incident, advisory, research, or regulation), and a category. Severity uses a five-level scale:

  • Critical
  • High
  • Medium
  • Low
  • Info

Editorial independence

This Hub is independent and not sponsored. Commercial tooling appears only in the clearly-labelled Solutions zone, never inside the neutral threat feed, and our threat selection and ratings are made independently of any vendor.

Creator

Created by Winston Tan, Senior Cybersecurity Director, focused on securing agentic AI and MCP gateways with hardware-rooted guardrails. He built this hub to give security leaders near-real-time intelligence on agentic-AI and MCP threats, alongside a practical CISO framework for securing agentic AI and MCP deployments.

Security of this site

The site practises what it preaches: no inline scripts, no secrets in the repository, privacy-first analytics, and a strict content-security posture. It is intended to be a small reference implementation of the principles it advocates.
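A "no inline scripts, strict content-security posture" is only as good as the Content-Security-Policy header that enforces it, and the usual way it fails is a policy that looks strict but carries `'unsafe-inline'`, a scheme-only source such as `https:`, or no `object-src`/`base-uri` at all. The linter below is an added example written for this page, not the Hub's own code; it checks a CSP header for exactly those weaknesses, applying the browser's fallback rules (fetch directives inherit from `default-src`, `base-uri` does not) and the CSP3 rule that `'unsafe-inline'` is ignored once a nonce or hash is present. The two policy strings are constructed for illustration and are not the site's actual headers.

```python
"""Lint a Content-Security-Policy header for settings that defeat a
"no inline scripts" posture.

Added example for this page, not code from the Hub. The sample policies
below are constructed for illustration, not copied from any real site.
"""
from __future__ import annotations

# Fetch directives inherit from default-src when absent; document
# directives such as base-uri do not, so a missing base-uri is a real gap.
FETCH_DIRECTIVES = {"script-src", "object-src", "style-src", "img-src", "connect-src"}

# Source expressions that defeat a script policy: 'unsafe-inline' permits
# inline <script> and event handlers, 'unsafe-eval' permits eval(), '*' and
# scheme-only sources (https:, http:, data:) permit any origin at all.
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "https:", "http:", "data:"}

# Constructed sample headers (not the site's real policies).
WEAK_POLICY = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:"
STRICT_POLICY = (
    "default-src 'none'; script-src 'self' 'nonce-r4nd0m'; style-src 'self'; "
    "img-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'none'; "
    "form-action 'self'; frame-ancestors 'none'"
)


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source, ...]}.

    Directives are ';'-separated, tokens whitespace-separated, names
    case-insensitive. Browsers ignore a repeated directive, so keep the first.
    """
    policy: dict[str, list[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: dict[str, list[str]], directive: str) -> list[str] | None:
    """Sources governing `directive`, with the default-src fallback browsers apply."""
    if directive in policy:
        return policy[directive]
    if directive in FETCH_DIRECTIVES:
        return policy.get("default-src")
    return None


def has_nonce_or_hash(sources: list[str]) -> bool:
    prefixes = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
    return any(s.lower().startswith(prefixes) for s in sources)


def lint_csp(header: str) -> list[str]:
    """Return one finding per weakness; an empty list means the header passes."""
    policy = parse_csp(header)
    findings: list[str] = []

    scripts = effective_sources(policy, "script-src")
    if scripts is None:
        findings.append("script-src: absent with no default-src, so any script origin is allowed")
    else:
        nonce_or_hash = has_nonce_or_hash(scripts)
        for src in scripts:
            low = src.lower()
            # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash is present;
            # it is then a harmless legacy fallback rather than a weakness.
            if low == "'unsafe-inline'" and nonce_or_hash:
                continue
            if low in WEAK_SCRIPT_SOURCES:
                findings.append(f"script-src: allows {src}")

    objects = effective_sources(policy, "object-src")
    if objects is None or [s.lower() for s in objects] != ["'none'"]:
        findings.append("object-src: should be 'none' (plugin content can execute script)")

    if "base-uri" not in policy:
        findings.append("base-uri: absent, so an injected <base> tag can redirect relative script URLs")

    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        print(f"[{label}] {header}")
        for finding in lint_csp(header) or ["no findings"]:
            print("  -", finding)
```

Run against the constructed `WEAK_POLICY` the linter reports five findings (`'unsafe-inline'`, `'unsafe-eval'`, the `https:` scheme source, an `object-src` that falls back to `*`, and a missing `base-uri`); the `STRICT_POLICY` passes clean. The nonce rule matters in practice: a header that ships `'nonce-…'` alongside `'unsafe-inline'` for old browsers is still strict in any CSP3 browser and should not be flagged.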