Zenity Labs: The Bleeding Edge

At Zenity, we like to say we don't only exist on the bleeding edge; we are the bleeding edge. It's a defensible claim. Zenity Labs consists of multiple teams focused on various technical disciplines within the security industry, and while the Labs moniker sits loosely over the group, the work it produces tells a unified story around AI Agent security.

Security Research

The Labs story started with security research, and it's still what the group is best known for today. The mission of the security research function is, and always has been, to research the technologies behind business innovation. Allowing industry experts to understand how they work and to uncover the security gaps that both the vendors need to address and that the wider industry needs to understand.

The best of the best work to hack new technologies as soon as they drop. Some of the most well-known examples of Zenity Labs research have been presented by team members on fabled stages like DEF CON, Black Hat, and RSA.

This research is always shared publicly once the disclosure process is complete. The team also contributes these new agentic AI tactics, techniques, and procedures (TTPs) back to the MITRE ATLAS framework, so the whole industry can benefit.

Security Policy and Standards Advocacy

Another core function of Zenity Labs is engaging with and supporting AI security policy and standards. As AI Agent security subject-matter experts, members of the team volunteer with the most advanced standards bodies producing AI security content today. That representation spans several OWASP projects: the GenAI Security Project, including both the LLM Top 10 and the Agentic Security Initiative, and the Citizen Development Top 10 (formerly the Low-Code/No-Code Top 10).

The team's goal is to contribute the technical knowledge and time needed to write and support the standards the security industry urgently needs to keep pace with the rising agentic AI tide.

Standards provide the technical scaffolding that supports policy, which is why the team also focuses on education and evangelism for policymakers. Advocating for the inclusion of AI agents in AI security policy is at the forefront of this work. The Labs group contributes to RFIs and other formal channels to educate policymakers, and engages directly through workshops and in-person roundtables with the same intent. One example of a prominent organization the team engages with is the National Institute of Standards and Technology (NIST). From providing tactical and in-depth comments around initiatives like the Cybersecurity FrameworkAI Community Profile, the CAISI RFI for their Agentic AI initiative, and the Accelerating the Adoption of Software and AI Agent Identity and Authorization Concept Paper, to engaging in in person events like the NIST NCCoE workshops and roundtable discussions, the team strives to provide concrete agent security context and recommendations to improve Federal AI Security .

Open Source

One theme runs consistently through both the research and the policy and standards work: open source. Findings from security research are disclosed publicly. The tools Labs builds to map the agentic AI attack surface are released as open source. And the industry initiatives Labs forms are launched into the open for the whole community to contribute to. We firmly believe we have to bring others along on the journey, and that can't happen if these contributions are made quietly, behind closed doors.

You can find some of the open-source initiatives and tools that Zenity Labs leads here:

• Labs Tools - power-pwn
• ttps.ai
• Agent Control Standard

Community

Beyond open source, the other thread running through everything Zenity Labs does is community. Labs is focused on leveling up the security community at every turn, across every group it touches, including researchers, standards contributors, policymakers, and practitioners alike.

The AI Agent Security Summits have been running for over a year now, with three events down and three to go to close out 2026. These practitioner-focused events bring together leading voices to share their experience and research on AI Agents. The audience spans the full range of practitioners, from individual-contributor security engineers up to CISOs; the only real qualification to attend is a passion for the security of AI Agents.This year, Zenity Labs also launched 0-dAI, a security researcher community built as a central place for researchers to share their work, mentor one another, and learn together. The community operates on the belief that real AI security resilience has to be built out in the open, not behind closed doors or inside siloed corporate teams. Membership spans defenders, academics, and hackers, and the community gives all of them early access to Zenity Labs research the moment it drops, alongside unique opportunities to collaborate directly with the internal Red Team. Beyond research sharing, 0-dAI plans include supporting community members financially by sponsoring travel and presentations at major AI security conferences, and funding local meetups. On the roadmap: a dedicated AI hacking conference, a direct submission route for novel attacks and 0-days and live Show & Tell webinars. It's a community with real resources behind it, built to give back at every level.

Paying it Forward

We're honored to collaborate with the best in AI Agent security, and to contribute to the research, standards, frameworks, and policy that tangibly help security teams secure AI Agents in their environments. That's the mission of Zenity Labs.