Zhuque Lab’s Red Teaming Bot—an automated vulnerability discovery and adversary simulation platform powered by multi-agent orchestration—successfully conducted rapid security audits on targets including OpenClaw and the Linux kernel.
Read Full Article arrow_forward
Tencent Zhuque Lab recently uncovered widespread security vulnerabilities in popular AI tools, including DeepSeek. If left unmitigated, these flaws could allow attackers to exfiltrate sensitive user data, hijack computational resources, or even gain full control over user devices.To address these threats, we will demonstrate how to use the open-source toolkit AI-Infra-Guard to perform one-click detection and effectively remediate these security risks.
Read Full Article arrow_forward
This article exposes the supply chain security risks hidden within Agent Skills used by AI coding assistants. Research highlights how attackers can weaponize seemingly benign plugins—such as GIF makers or calculators—to steal sensitive keys, deploy ransomware, or establish remote control via "hidden prompts," malicious scripts, or authorization flaws. Since traditional security tools struggle to detect these NLP-based threats, Tencent's Zhuque Lab has introduced A.I.G, an open-source platform that uses "AI to scan AI," providing automated auditing and risk mitigation to build a safer Agent ecosystem.
Read Full Article arrow_forward
Leveraging its open-source A.I.G (AI-Infra-Guard) scanner, Zhuque Lab conducted automated security audits on thousands of MCP projects across major MCP marketplaces and Tencent's internal businesses. This large-scale scan uncovered over 4,000 instances of novel AI security risks and code implementation flaws. Drawing on this vulnerability data, this article breaks down the Top 10 Most Common MCP Security Vulnerabilities of 2025 alongside real-world case studies, empowering developers and enterprise security teams to rapidly conduct MCP risk self-assessments.
Read Full Article arrow_forward
In response to the escalating threat of "jailbreak" attacks against Large Language Models (LLMs), Tencent Zhuque Lab has open-sourced A.I.G. (AI-Infra-Guard), an AI red teaming platform. Featuring a three-pronged core approach—Jailbreak Evaluation, AI infra scan, and MCP Server Scan—the platform enables automated, comprehensive, and proactive security testing for AI systems.
Read Full Article arrow_forward