Research

Free papers, organized by pillar

Every paper slots into a defined research pillar so the site compounds authority instead of drifting across unrelated topics. The writing is designed for both newer developers and senior engineers who need the threat context fast.

Membership model Perspective notes

Latest papers

Research papers are now driven from the shared publication source so the catalog and content stay aligned.

Research paperPublished

Why the Modern Build Pipeline Counts as an Attack Surface

Build tooling, CI runners, signing flows, and release automation all become trust-bearing systems once a team ships software at speed.

Free with account8 min readApr 18, 2026
Build securityCI/CDIdentity
Read publication
Research paperPublished

AI-Assisted Phishing Is Workflow Abuse With Better Output

AI does not invent a new trust problem here. It lowers the cost of believable output, which makes workflow trust harder to defend.

Free with account7 min readMar 28, 2026
AI securitySocial engineeringThreat workflows
Read publication

The research pillars

Every paper and eBook must slot into one pillar. That keeps today’s publishing work aligned with the service verticals Banjico will eventually sell.

Supply-chain hardening consulting

Supply-Chain Security

Dependency poisoning, typosquatting, malicious packages, build compromise, and update-path abuse.

Use this pillar →

AI integration security

AI Weaponization and Defense

AI-assisted phishing, prompt injection, deepfake social engineering, and adversarial workflow abuse.

Use this pillar →

Secure web systems and custom software

Secure Full-Stack Engineering

Secure defaults, auth patterns, hardening, deployment hygiene, and application threat modeling.

Use this pillar →

Identity and pipeline security

Identity and CI/CD Security

Token theft, OAuth misuse, secrets exposure, pipeline poisoning, and build-system trust boundaries.

Use this pillar →

Developer security training and audits

Developer Threat Landscape

Extension attacks, IDE compromise, social engineering, and the habits that make builders easier to target.

Use this pillar →

Security architecture consulting

Defensive Architecture

Zero-trust patterns, segmentation, incident readiness, and infrastructure review for small teams.

Use this pillar →

Paper structure

Each paper follows the same editorial shape so the library stays readable and useful at scale.

  1. Abstract
  2. Threat context
  3. Technical analysis
  4. Synthesis
  5. Implications and recommendations
  6. References

Editorial standards

Public research should read like it was written by someone who has done the work and cited the work.

Evidence first

Primary sources, vendor advisories, CVE records, OWASP, MITRE ATT&CK, and NIST before opinion.

Actionable structure

Every paper ends with practical implications, not just diagnosis.

Readable at two levels

Newer developers can follow the context; senior engineers still get technical value.

No filler

The copy should be restrained, specific, and free of sales language.

Read the latest work or start a conversation

If a paper maps directly to your problem, use the discovery flow and scope the work from there.