Research on Rex Coleman

Research on Rex Colemanhttps://rexcoleman.dev/categories/research/Securing AI from the architecture up. Research, tools, and methodology for AI security. Creator of govML.Rex Colemanhttps://rexcoleman.dev/images/og-default.pnghttps://rexcoleman.dev/images/og-default.pngHugoen-usTue, 31 Mar 2026 12:00:00 +0000AI Security Research → OWASP, NIST, and MITRE Standards Mappinghttps://rexcoleman.dev/posts/ai-security-standards-mapping/Tue, 31 Mar 2026 12:00:00 +0000https://rexcoleman.dev/posts/ai-security-standards-mapping/Cross-reference between 8 original AI security research projects and OWASP LLM Top 10, OWASP Agentic Apps, NIST AI RMF, and MITRE ATLAS. Start from any framework, find relevant research.Our Simulation Was Wrong by 37 Percentage Points — What Real LLM Agents Taught Us About Multi-Agent Cascadehttps://rexcoleman.dev/posts/multi-agent-security/Fri, 20 Mar 2026 12:00:00 +0000https://rexcoleman.dev/posts/multi-agent-security/Simulation predicted 97% cascade poison. Real Claude agents: 60%. Topology matters (simulation said it didn't). The simulation-to-real gap changes everything.Your AI Makes SQL Injection Worse: CWE-Stratified Patch Safety for LLM Code Generationhttps://rexcoleman.dev/posts/llm-patch-correctness/Fri, 20 Mar 2026 12:00:00 +0000https://rexcoleman.dev/posts/llm-patch-correctness/LLM-generated patches have a 42% fix rate and 10% regression rate. SQL injection patches are net-negative — 0% fix, 50% regression.How Many Rewrites to Strip a Watermark? Empirical Paraphrase-Removal Curves for LLM Watermarkshttps://rexcoleman.dev/posts/llm-watermark-robustness/Fri, 20 Mar 2026 11:00:00 +0000https://rexcoleman.dev/posts/llm-watermark-robustness/Cross-model paraphrasing drops watermark detection from 100% to 60% in one pass, then plateaus at 40% after 10 passes. Kirchenbauer green-list watermarks are partially robust — but not enough for adversarial settings.Privilege Escalation Cascades at 98% While Domain-Aligned Attacks Are Invisiblehttps://rexcoleman.dev/posts/agent-semantic-resistance/Fri, 20 Mar 2026 10:00:00 +0000https://rexcoleman.dev/posts/agent-semantic-resistance/First taxonomy of why real LLM agents resist cascade poisoning — and which attacks bypass each resistance pattern.Your AI Can't Beat EPSS at Vulnerability Triage (But the Ensemble Might)https://rexcoleman.dev/posts/agent-vuln-triage/Fri, 20 Mar 2026 10:00:00 +0000https://rexcoleman.dev/posts/agent-vuln-triage/An LLM agent achieves 92% precision@10 on vulnerability triage but underperforms EPSS (100%). The ensemble reaches 98% with lower variance.We Built a Multi-Agent Defense and It Failed — Here's Why That Matters Morehttps://rexcoleman.dev/posts/verified-delegation-protocol/Thu, 19 Mar 2026 22:00:00 +0000https://rexcoleman.dev/posts/verified-delegation-protocol/We proposed a 3-layer defense for multi-agent cascade. Real agent experiments refuted 5 of 7 hypotheses. The simulation was wrong by 48 percentage points.A CFA Charterholder Built an ML Fraud Detector: Here's What the Models Misshttps://rexcoleman.dev/posts/financial-anomaly-detection/Thu, 19 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/financial-anomaly-detection/CFA-informed rule-based scoring achieves 0.898 AUC on its own, and 8 of the top 20 predictive features come from domain expertise, not raw data.I Built a PQC Migration Scanner: Here's What Your Codebase Is Hidinghttps://rexcoleman.dev/posts/pqc-migration-analyzer/Thu, 19 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/pqc-migration-analyzer/70% of the crypto in your codebase isn't yours to change — and classical exploit risk matters more than quantum vulnerability for deciding what to fix first.Beyond Prompt Injection: RL Attacks on AI Agent Decision-Makinghttps://rexcoleman.dev/posts/rl-agent-vulnerability/Mon, 16 Mar 2026 22:00:00 +0000https://rexcoleman.dev/posts/rl-agent-vulnerability/I trained RL agents on security tasks, then attacked their reward functions, observations, and policies. Observation perturbation is 20-50x more effective than reward poisoning. Policy extraction achieves 72% agreement with just 500 queries.Antivirus for AI Models: Behavioral Fingerprinting Detects What Static Analysis Misseshttps://rexcoleman.dev/posts/model-fingerprinting/Mon, 16 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/model-fingerprinting/How do you know a model downloaded from Hugging Face hasn't been backdoored? I built a behavioral fingerprinting system that uses unsupervised anomaly detection to answer that question.I Red-Teamed AI Agents: Here's How They Break (and How to Fix Them)https://rexcoleman.dev/posts/agent-redteam/Mon, 16 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/agent-redteam/19 attack scenarios against LangChain and CrewAI agents. 100% success with reasoning chain hijacking. 7 attack classes systematized — 5 not in OWASP or MITRE ATLAS.One Principle, Six Domains: Adversarial Control Analysis for AI Securityhttps://rexcoleman.dev/posts/adversarial-control-analysis/Mon, 16 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/adversarial-control-analysis/The same security principle — classify inputs by who controls them — works across network IDS, vulnerability management, AI agents, post-quantum crypto, fraud detection, and AI supply chains.Adversarial ML on Network Intrusion Detection: What Adversarial Control Analysis Revealshttps://rexcoleman.dev/posts/adversarial-ids/Sat, 14 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/adversarial-ids/I built and red-teamed an ML-based intrusion detection system. The key finding: which features an attacker controls matters more than which model you choose.Why CVSS Gets It Wrong: ML-Powered Vulnerability Prioritizationhttps://rexcoleman.dev/posts/cvss-gets-it-wrong/Sat, 14 Mar 2026 00:00:00 +0000https://rexcoleman.dev/posts/cvss-gets-it-wrong/I trained an ML model on 338,000 CVEs to find out what actually predicts exploitation. CVSS scores severity. Attackers measure opportunity. The model reveals what they look for.