feat: PentAGI AI Agent Security Analysis — Case Study #2

.trivyignore

@@ -2,3 +2,8 @@
 # These are expected findings documented as part of the IaC security gap analysis research.
 # The AWS key AKIAIOSFODNN7EXAMAAA is AWS's official example/documentation key pattern.
 AVD-SECRET-0001
+
+# PentAGI case study HTML reports contain security research content that describes
+# detected attack patterns (EXFILTRATION, PROMPT_INJECTION, env var probing) as evidence.
+# These are documented findings, not active payloads. Approved FP — see SECURITY_AUDIT_LOG.md 2026-06-17.
+AVD-SECRET-0002

CONTRIBUTING.md

@@ -9,9 +9,11 @@
 ## Research Standards
 
 All contributions must meet the same bar as published studies:
-- Findings reproducible from publicly available tools (Trivy, Checkov, pq-audit, TruffleHog)
+
+- Findings reproducible from publicly available tools (Trivy, Checkov, pq-audit, TruffleHog, Falco)
 - Evidence provided as raw tool output (JSON preferred)
 - No client or proprietary data — lab/intentionally-vulnerable repos only
+- AI agent studies: behavioral analysis must use runtime monitoring (Falco or equivalent) — static analysis alone is not sufficient
 
 ## Commit Signing
 

README.md

@@ -5,7 +5,7 @@
 <br><sub>Banner generated with AI assistance · MK ScorpioSec</sub>
 </p>
 
-> IaC security research — applied findings from real-world infrastructure analysis.
+> Applied security research — IaC, AI agents, and infrastructure analysis. Raw evidence published with every finding.
 
 [![License](https://img.shields.io/badge/License-Apache_2.0-D62828?style=flat-square)](LICENSE)
 [![Security](https://img.shields.io/badge/Security-Policy-blue?style=flat-square)](SECURITY.md)
@@ -14,9 +14,10 @@
 
 ## Studies
 
-| Study | Description | Status |
-|-------|-------------|--------|
-| [TerraGoat gap analysis](terragoat-2026-04/) | 187 undocumented findings across Checkov, Trivy, and pq-audit. Running only the official scanner shows 23% of actual exposure. | `ready` |
+| # | Study | Description | Status |
+|---|-------|-------------|--------|
+| 1 | [TerraGoat gap analysis](terragoat-2026-04/) | 187 undocumented findings across Checkov, Trivy, and pq-audit. Running only the official scanner shows 23% of actual exposure. | `ready` |
+| 2 | [PentAGI — AI agent security analysis](pentagi-2026-04/) | 4 CRITICAL findings in static analysis. 462 EXFILTRATION events + 24 PROMPT_INJECTION attempts in behavioral analysis. 73.7% threat rate across 274 requests. | `ready` |
 
 ---
 
@@ -45,6 +46,7 @@ Third-party tools used across studies:
 | [Trivy](https://github.com/aquasecurity/trivy) | Aqua Security | Apache 2.0 |
 | [Checkov](https://github.com/bridgecrewio/checkov) | Bridgecrew / Palo Alto | Apache 2.0 |
 | [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Truffle Security | AGPL-3.0 |
+| [Falco](https://github.com/falcosecurity/falco) | Falco Security | Apache 2.0 |
 
 ---