April 2026

Thomas Cross Donato Capitella
22 Apr 2026

Using Spikee for Multi-Turn Jailbreak Attacks

Documentation of the Spikee framework extension for multi-turn attacks on LLM chatbots and agents. Details Crescendo, Echo Chamber, and GOAT attack implementations, alongside benchmarks evaluating base models, local uncensored attack models, and standard guardrails

Christian Philipov
14 Apr 2026

It's Just a Matter of Time: Backdooring Conditional Access Policies

Conditional Access Policies are a core control in every modern Entra tenant to prevent access outside of expected access methods. A discovery was made on a little-known policy condition that would allow an administrator to define time-based restrictions on when a policy would be evaluated or not. In the event that a sufficiently privileged administrator user was compromised, this capability could allow threat actors to effectively "disable" policies while still seemingly being marked as enabled in the portal.