Slow and Steady Wins The Shell
SnailSploit/README.md

SnailSploit

GenAI Security Researcher · AI Red Teamer · Adversarial Psychology

Social engineering and prompt injection are the same attack. Different substrate.

Website · The Jailbreak Chef · LinkedIn


About

I'm Kai Aizen — an independent GenAI security researcher exploring inherited vulnerabilities: the observation that LLMs exhibit the same trust reflexes as humans because they learned from human-generated data. Authority, reciprocity, social proof, urgency — the psychological levers that social engineers have exploited for decades — appear to function similarly in AI systems.

This principle shapes everything I build.

Creator of AATMF · Author of Adversarial Minds · NVD Contributor · OWASP GenAI Security Project


Frameworks & Research

| Project | Description |
| --- | --- |
| AATMF | Adversarial AI Threat Modeling Framework — 14 tactics, 40+ techniques for AI/LLM red teaming. Maps to OWASP LLM Top 10, NIST AI RMF, MITRE ATLAS. Accepted into OWASP GenAI Security Project roadmap 2026. |
| ChatGPT-DNS-Exfill | DNS exfiltration via ChatGPT Canvas — demonstrating how rendered content triggers DNS lookups to exfiltrate data without HTTP requests. |
| chatgpt-rce-dns | Validating DNS exfiltration and Python Pickle RCE attack chains in AI code execution sandboxes. |

Offensive Tools

| Tool | Description |
| --- | --- |
| KubeRoast | Red-team Kubernetes misconfiguration & attack-path scanner. Built from scratch for real-world escalation paths. |
| Xposure | Credential intelligence platform for attack surface reconnaissance and exposed secret detection. |
| SnailHunter | AI-powered bug bounty automation platform combining LLM analysis with traditional security scanning. |
| Burp MCP Toolkit | MCP security analysis toolkit for Burp Suite — test Model Context Protocol servers for prompt injection and tool poisoning. |
| SnailSploit Recon | Chrome MV3 extension for passive reconnaissance and bug bounty recon automation. |

Vulnerability Disclosures (NVD)

| CVE | Target | Type |
| --- | --- | --- |
| CVE-2026-1208 | Welcart (WordPress) | CSRF to Settings Update |
| CVE-2025-12163 | Flavor WordPress Plugin | Stored Cross-Site Scripting |
| CVE-2025-12030 | ACF to REST API (WordPress) | Insecure Direct Object Reference |
| CVE-2025-11171 | WordPress Plugin | Authentication Bypass |
| CVE-2025-9776 | WordPress Plugin | Access Control Vulnerability |

Publications

  • Adversarial Minds: The Anatomy of Social Engineering and the Psychology of Manipulation — Book
  • Hakin9 Magazine — Contributing author on AI security and adversarial research
  • OWASP GenAI Security Project — AATMF accepted into 2026 roadmap

Built on the principle that the vulnerabilities we find in AI are the ones we inherited from ourselves.

Pinned

  1. AATMF-Adversarial-AI-Threat-Modeling-Framework (Public)

    AATMF | An Open Source - Adversarial AI Threat Modeling Framework

    YARA 6

  2. ChatGPT-DNS-Exfill (Public)

    This repository documents a controlled research experiment that demonstrates how DNS lookups triggered by rendered content can be used to exfiltrate data. The technique leverages the browser's auto…

  3. KubeRoast_v1 (Public)

    From-scratch, red-team–oriented Kubernetes misconfiguration & attack-path scanner. Fast, readable, and opinionated toward real-world escalation paths.

    Python 1

  4. CVE-2025-12163 (Public)

    CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin

  5. -whoami (Public)

    I'm Kai Aizen, a GenAI Researcher at ActiveFence and the security researcher behind SnailSploit. My expertise lies in offensive security, with a focus that spans Generative AI, AppSec and Open-Sour…

  6. Xposure (Public)

    fully autonomous credential intelligence platform that discovers, extracts, correlates, verifies, and reports exposed secrets across your target's entire attack surface.

    Python