Search

DOCA Vault is a data security framework purpose-built for file-based, AI-native storage, enabling real-time control over how data is accessed across the AI factory. DOCA Vault enforces granular authorization policies directly in silicon, independent of the host operating system and storage platform.  This enables a zero-trust access layer for file-based storage, ensuring that only authorized AI workload processes—including agents, training jobs, inference services, and AI applications—can access the specific data required for operation and only with explicitly permitted actions. Unlike traditi

For simple applications, a single hijack might be the end of the attack path. But in agentic systems, where AI models plan, decide, and act autonomously, attackers exploit a feedback loop: iterate and pivot. Once an attacker successfully hijacks model behavior, they can: Pivot laterally: Poison additional data sources to affect other users or workflows, scaling persistence. Iterate on plans: In fully agentic systems attackers can rewrite the agent’s goals, replacing them with attacker-defined ones. Establish command and control (C2): Embed payloads that instruct the agent to fetch new attack

In the recon stage, the attacker maps the system to plan their attack. Key questions an attacker is asking at this point include: What are the routes by which data I control can get into the AI model?  What tools, Model Context Protocol (MCP) servers, or other functions does the application use that might be exploitable? What open source libraries does the application use? Where are system guardrails applied, and how do they work? What kinds of system memory does the application use? Recon is often interactive. Attackers will probe the system to observe errors and behavior. The more observ

The hijack stage is where the attack becomes active. Malicious inputs, successfully placed in the poison stage, are ingested by the model, hijacking its output to serve attacker objectives. Common hijack patterns include: Attacker-controlled tool use: Forcing the model to call specific tools with attacker-defined parameters. Data exfiltration: Encoding sensitive data from the model’s context into outputs (e.g., URLs, CSS, file writes). Misinformation generation: Crafting responses that are deliberately false or misleading. Context-specific payloads: Triggering malicious behavior only in tar