About

who am i

I’m Ido Levi — AI security researcher and R&D lead at AltSec, a cybersecurity company.

I spend my time exploring the attack surface of AI agent ecosystems: skill marketplaces, MCP servers, tool chains, and the trust boundaries that emerge when autonomous systems start installing software and calling APIs on their own.

what is this

This blog is where I publish security research, vulnerability disclosures, and analysis of the emerging AI agent threat landscape. The focus is on practical, technical work — kill chains, IOCs, and real attacks in the wild.

the thesis

AI agents are the next major attack surface. They operate with real permissions, consume untrusted input as instructions, and the ecosystems being built around them repeat every mistake from the early days of mobile app stores and package managers — but at machine speed.

Someone needs to be finding these problems before they scale. That’s the work.

contact

• Email: ido@altsec.io
• Twitter/X: @idolevi
• Company: altsec.io

> connection established
> secure channel active
> ready for input_