/ Open Research Initiative

Project Feral

An open security-research initiative threat-modeling real-world agentic AI — applying OWASP ASI, CSA MAESTRO, and MITRE ATLAS to systems that are already in the wild.

v1.0 · Feb 2026 · CC BY-NC-SA 4.0 · Free for non-commercial research
Project Feral — OpenClaw threat-model dashboard: top-level threat enumeration, severity, and MAESTRO layer distribution.
OpenClaw threat model — Phase I architecture-focused red-team assessment.
/ The initiative

Threat-modeling agentic AI, in the open.

Project Feral is SecuraAI's independent analysis of OpenClaw, an open-source AI-agent platform that passed 200,000 GitHub stars in two months. OpenClaw grants agents autonomous access to shell commands, file systems, messaging, and 100+ integrations through the Model Context Protocol — and its explosive growth outpaced its security posture, with thousands of instances exposed publicly within days.

It is one of the first practical applications of the OWASP Agentic Security Initiative (ASI) Top 10 (2026), the CSA MAESTRO 7-layer architecture framework, and the MITRE ATLAS taxonomy to a real-world agentic system — and the entire body of work is published openly for educators and researchers.

/ Phase I findings

An architecture-level threat model.

10 threats enumerated: 3 Critical · 4 High · 3 Medium
5 multi-stage attack chains: incl. the "Alpha Chain" → full RCE
6 trust boundaries mapped: across the architecture
10/10 OWASP ASI coverage: every category addressed
7/7 CSA MAESTRO layers: full architectural mapping
/ Phase I.5 · validated by the real world

The model held up against real incidents.

After release, the Phase I threat model was cross-referenced against real-world incidents and OpenClaw patches. The findings were borne out.

7/10 validated by real-world incidents
4/10 matched to a MITRE ATLAS case study
6/10 partially mitigated by later patches

  • CVE-2026-25253 · CVSS 8.8

    One-click RCE via token exfiltration — maps directly to OC-T01 (prompt injection) and OC-T02 (unsandboxed execution).

  • ClawHavoc campaign

    335 malicious skills found in the ClawHub marketplace — validating OC-T05 (supply chain), which was upgraded from High to Critical.

  • MITRE ATLAS · Feb 2026

    Four new case studies (AML.CS0048–0051) and seven new agentic-AI techniques added to the ATLAS framework.

/ Method

A tri-framework approach.

Three complementary standards, so findings speak the language security teams already use.

OWASP ASI Top 10 (2026)

The risk taxonomy for agentic-AI applications — the language security teams use to classify what can go wrong.

CSA MAESTRO

A 7-layer architectural decomposition for multi-agent systems, used to locate each threat in the stack.

MITRE ATLAS

Adversarial tactics, techniques, and procedures for AI/ML systems — tying findings to documented real-world cases.

/ Open access

Free for educators & researchers.

All Phase I and Phase I.5 materials are published under CC BY-NC-SA 4.0 for non-commercial educational use — built for course case studies, student projects, research baselines, and framework validation.

/ Phase II · call for participation

Test it with us.

SecuraAI is recruiting academic collaborators, security researchers, and industry partners for hands-on testing against an isolated OpenClaw environment — red teaming, vulnerability scanning, defensive tooling, and comparative analysis.

/ Project Feral

Explore the full research portal.

Threat browser, attack chains, methodology, and the complete reports — open and free.