Blog
Notes from the scanner.
What we ship, what we find in the payload corpus, and what text-only prompt-injection (PI) defenders miss. Long-form pieces on threat modelling, attack deep-dives, and integration patterns.
Latest posts
- Compliance · EU AI Act · 2026-05-31
EU AI Act Article 15: the multimodal AI security checklist before 2 August 2026
The Article 15 cybersecurity deadline is 63 days away. Eight checklist items for high-risk AI providers — covering who actually needs to comply under Annex III, what Article 15(5)’s “adversarial examples or model evasion” language means for multimodal systems, why OCR-before-text-scan does not satisfy the requirement for image inputs, what audit evidence looks like in practice, and what happens to providers that miss the date. Includes the evidence format an assessor reviewing your Annex IV documentation will look for per modality.
- Engineering deep-dive · 2026-04-30
Building a prompt-injection scanner for voice agents: what Whisper drops, and why it matters
Speech-to-text systems are lossy compressors built for one quality goal, a clean transcript, and that goal conflicts with the goals of a security inspection. By the time text reaches your prompt-injection filter, the frequency bands and timings the audio PI payload was hiding in have already been filtered away. A walk through the four audio-PI subtypes at the byte level, the four-stage build pipeline you can wire up in two weeks, the trade-offs we made (CNN over transformer, run-both over replace, no chaining), and what still doesn't work.
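The resampling step alone shows the lossy-compressor point in numbers. The block below is an added example, not code from the post or from the scanner: it builds a constructed 48 kHz signal (a 1 kHz tone standing in for speech and a quieter 19 kHz tone standing in for content parked above the speech band), applies the anti-alias filter and decimation to 16 kHz that Whisper's front end performs on every input before a transcript exists, and measures both tones before and after with a Goertzel bin. The `out_of_band_ratio` check is this example's own illustrative pre-transcript test, not the scanner's detector; the sample rates, tone frequencies, filter length and thresholds are all constructed choices. Pure Python, no dependencies.

```python
import math

WHISPER_RATE = 16_000   # Whisper resamples every input to 16 kHz, so nothing above 8 kHz survives
SRC_RATE = 48_000       # constructed: sample rate of the "uploaded" file, an integer multiple of 16 kHz
DURATION_MS = 200       # constructed signal length
ANALYSIS_MS = 190       # analysis tail: skips the FIR warm-up and puts 1/3/19 kHz on exact DFT bins
TAPS = 127              # anti-alias FIR length (constructed choice, roughly 53 dB stop band)


def synth(payload_amp=0.3, speech_hz=1_000.0, payload_hz=19_000.0,
          rate=SRC_RATE, duration_ms=DURATION_MS):
    """Constructed sample: a 1 kHz tone standing in for speech plus a quieter
    19 kHz tone standing in for content parked above the speech band."""
    n = rate * duration_ms // 1000
    return [math.sin(2 * math.pi * speech_hz * t / rate)
            + payload_amp * math.sin(2 * math.pi * payload_hz * t / rate)
            for t in range(n)]


def lowpass_taps(cutoff_hz, rate, taps=TAPS):
    """Hamming-windowed sinc low-pass with unity DC gain."""
    m = taps - 1
    fc = cutoff_hz / rate
    h = []
    for i in range(taps):
        k = i - m / 2
        sinc = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        h.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * i / m)))
    total = sum(h)
    return [v / total for v in h]


def highpass_taps(cutoff_hz, rate, taps=TAPS):
    """Spectral inversion of the low-pass: an impulse minus the low-pass taps."""
    h = [-v for v in lowpass_taps(cutoff_hz, rate, taps)]
    h[(taps - 1) // 2] += 1.0
    return h


def fir(x, h, step=1):
    """Causal direct-form FIR, y[i] = sum_j h[j] * x[i - j]; step > 1 decimates."""
    out = []
    for i in range(0, len(x), step):
        acc = 0.0
        for j, hj in enumerate(h):
            idx = i - j
            if idx < 0:
                break
            acc += hj * x[idx]
        out.append(acc)
    return out


def resample_to_whisper(x, src_rate):
    """What the STT front end does before any transcript exists: anti-alias
    just under the new Nyquist edge (8 kHz) and decimate to 16 kHz."""
    if src_rate % WHISPER_RATE:
        raise ValueError("example assumes an integer decimation ratio")
    return fir(x, lowpass_taps(0.9 * WHISPER_RATE / 2, src_rate), step=src_rate // WHISPER_RATE)


def goertzel_amplitude(x, rate, f_hz):
    """Amplitude of a single tone via the Goertzel algorithm (exact on a DFT bin)."""
    n = len(x)
    k = round(n * f_hz / rate)
    coeff = 2 * math.cos(2 * math.pi * k / n)
    s1 = s2 = 0.0
    for v in x:
        s1, s2 = v + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    return 2 * math.sqrt(max(power, 0.0)) / n


def tail(x, rate):
    """Last ANALYSIS_MS of a signal, past the filter warm-up."""
    return x[-(rate * ANALYSIS_MS // 1000):]


def out_of_band_ratio(x, rate, edge_hz=WHISPER_RATE / 2):
    """Illustrative pre-transcript check (this example's, not the scanner's):
    share of signal energy above the STT Nyquist edge. Clean speech has almost none."""
    residual = tail(fir(x, highpass_taps(edge_hz, rate)), rate)
    original = tail(x, rate)
    return sum(v * v for v in residual) / sum(v * v for v in original)


def compare(payload_amp=0.3):
    """Measure both tones in the file as uploaded and after the 16 kHz resample."""
    x = synth(payload_amp)
    y = resample_to_whisper(x, SRC_RATE)
    xs, ys = tail(x, SRC_RATE), tail(y, WHISPER_RATE)
    return {
        "speech_before": goertzel_amplitude(xs, SRC_RATE, 1_000),
        "payload_before": goertzel_amplitude(xs, SRC_RATE, 19_000),
        "speech_after": goertzel_amplitude(ys, WHISPER_RATE, 1_000),
        # 19 kHz cannot be represented at 16 kHz; its only possible trace is the alias at 3 kHz
        "payload_alias_after": goertzel_amplitude(ys, WHISPER_RATE, 3_000),
        "oob_ratio_before": out_of_band_ratio(x, SRC_RATE),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>20}: {value:.4f}")
```

The speech tone comes through at roughly unit amplitude on both sides, while the 19 kHz component that measured 0.3 in the uploaded file is gone after the resample: the anti-alias filter removes it before decimation, so it does not even survive as a 3 kHz alias. A detector that sees only the transcript, or only the 16 kHz waveform the model consumed, has nothing left to find; the out-of-band energy ratio, computed on the original-rate bytes, still reports about 8% of the energy above 8 kHz, where clean speech has essentially none. Real payloads are not pure tones and the post's four subtypes do not all live above 8 kHz; the example only isolates the band-dropping mechanism.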
- Market analysis · 2026-04-30
What Check Point buying Lakera means for self-serve AI-security buyers
Big-platform acquirers of self-serve security tools almost never preserve the self-serve motion at the original price. A factual read on the Sept–Nov 2025 Check Point acquisition of Lakera, what enterprise consolidation tends to do to an SMB SKU, and what is left under $100/mo for teams who still need a prompt-injection defence in 2026.
- Architecture · 2026-04-25
Why every text-only prompt-injection scanner misses a 30-pixel PNG
A 900-byte image with eight rendered words on it routes around every text-only PI defender on the market. That is not a tuning failure — it is the intended scope of those products, and the gap will not close by improving them. The architectural argument, written for engineers and AppSec leads deciding whether their current defence is enough.
- Threat model · 2026-04-25
The multimodal prompt-injection threat model for AI product teams (2026)
Every public-API prompt-injection defender ships with the same blind spot: they inspect text and ignore the two modalities where the real-world payloads now hide. If your product accepts images or audio from anyone other than you, this is your threat model — what the attacks look like, why your current stack misses them, and a defender's playbook you can run this week.
What you can expect
- Attack deep-dives — each new payload family we add to the corpus gets a write-up with the exact signatures we detect.
- Benchmarks — confusion matrices on our FigStep / AgentTypo / WhisperInject test set, published per release.
- Integration tutorials — how to wire the scanner into avatar SaaS, voice agents, and screenshot-reading assistants.
- Incident notes — when a real customer gets hit, what we learn, what we change.
Follow day-to-day progress at @bitinvestigator, or join the waitlist and we'll email when the next post is live.