Silicon Valley, CA · Independent nonprofit · Est. 2026

Building research on autonomous AI safety.

Medulla AI Security Research Institute is newly established in Silicon Valley, California. We are forming a program around AI agent security, Model Context Protocol ecosystems, and the runtime conditions under which autonomous software can be operated safely on real endpoints — and we welcome partners who want to work in the open.

Focus Domain
AI Agent & MCP Runtime Security
Home base
Silicon Valley, California
Disclosure Channel
Open (coordinated disclosure)
§ 01 · Mission

An independent layer of research between AI agents and the systems they touch.

Medulla AI Security Research Institute is an independent nonprofit in its founding phase, based in Silicon Valley, California, focused on the safety, transparency, and governance of autonomous AI systems and local AI runtime environments. Our aim is to publish open research, ship reference security tooling, and contribute to technical standards as the program matures — starting from a clear agenda and careful partnerships, not from a backlog of finished work we are claiming today.

P · 01 / RESEARCH

AI Runtime Threat Research

We will prioritize original analysis of attack surfaces unique to autonomous coding agents, MCP servers, and on-device model orchestration runtimes.

P · 02 / OPEN SOURCE

Reference Security Tooling

We intend to release production-minded open source for the AI agent ecosystem, including LLMGuard — runtime protection for macOS endpoints — as engineering milestones allow.

P · 03 / STANDARDS

Agent Safety Standards

Contributions we aim to make over time: reproducible benchmarks, threat taxonomies, and best-practice guidance for organizations adopting autonomous agents at scale.

§ 02 · Research Areas

Founding research agenda.

While peer-reviewed outputs are not yet available, our work is organized around the operational reality of modern AI agents — where they execute, what they touch, and how their behavior can be observed, contained, and governed.

AREA · 01

AI Agent Security

The execution and containment properties of autonomous agents operating on developer workstations.

  • Autonomous execution surfaces
  • Agent containment models
  • Prompt injection chains

AREA · 02

MCP Ecosystem Security

Trust boundaries, protocol governance, and exposure of remote tool servers in the Model Context Protocol.

  • MCP trust boundary modeling
  • Remote execution risk classes
  • Protocol governance proposals

AREA · 03

AI Runtime Protection

Real-time monitoring, policy enforcement, and isolation primitives for local AI execution.

  • Local AI runtime monitoring
  • AI-native EDR architecture
  • Secure execution layers

AREA · 04

Threat Intelligence

CVE research, exploit chain analysis, and runtime telemetry across the agent ecosystem.

  • CVE research & coordination
  • Exploit chain analysis
  • Runtime telemetry corpora

§ 03 · Publications

Research outputs — forthcoming

When technical notes, papers, or advisories are ready, we will publish them openly under permissive licenses with reproducible methodology, and with coordinated disclosure wherever a finding involves a vulnerability. Nothing is listed yet: the institute is new and its first outputs are in preparation.

This section will list papers, briefs, and other releases as they ship. If you are working in a related area and want to coordinate early, we would welcome a conversation.

Announcement-only channel · no mailing list yet
§ 04 · Roadmap

How the institute intends to scale from launch.

Dates are targets, not promises. We will adjust as partners join and as our first technical work proves out — but we publish a roadmap so expectations stay grounded in reality.

Phase · 00 / Now
2026 · Q2

Foundation

Public charter and governance, disclosure channel, research agenda refinement, and early conversations with academics, security teams, and open-source maintainers. No publication obligations until the program is staffed and scoped.

Phase · 01
2026 · Q3–Q4

First technical artifacts

Initial threat-model or landscape note on AI agent and MCP runtime risk, plus a documented disclosure workflow for coordinated findings. LLMGuard moves from concept toward an auditable preview where feasible.

Phase · 02
2027

Releases & community

First open-source milestone for LLMGuard or an adjacent tool, a small public event series (see below), and clearer standards-facing deliverables — benchmarks or taxonomy drafts — informed by partner feedback.

Phase · 03
2027+

Sustaining research

Deeper long-running projects as funding and collaboration allow: expanded publications, sustained disclosure coordination, and tooling maintained in public with predictable release cadence.

§ 05 · Events

Where we show up and invite collaboration.

Most programming is still being scheduled. If you would like Medulla to participate in a workshop, panel, or closed technical exchange, use the contact channel — we prioritize small, high-signal forums.

Upcoming · Virtual

Institute office hours

Public Q&A on mission, roadmap, and disclosure. No recordings at first; details and registration link will be posted here when the first session is scheduled.

Target: late 2026 · TBA
Upcoming · Hybrid TBD

AI runtime safety roundtable

Invitation-only technical discussion on containment patterns for coding agents and MCP trust boundaries. A short summary may be published afterward if participants agree.

Target: 2027 · TBA
Past

No past events yet

The institute just launched. Past talks and workshops will be listed here with titles, dates, and materials when available.

Propose

Host Medulla at your event

We consider conferences, university seminars, and community meetups that align with our principles. Include format, audience, and expected level of technical depth.

§ 06 · Open Source

Open source as we ship it.

The institute's open-source work will follow the same norms we aim to apply to research: permissive licensing, vendor neutrality, and software designed without mandatory telemetry, third-party runtime dependencies, or cloud coupling. The first projects are still taking shape.

Project · 02 / Planned
MCP Audit Toolkit
Static and dynamic analysis for Model Context Protocol servers.
Project · 03 / Planned
AI Runtime Benchmark Suite
Reproducible benchmarks for agent containment and policy evaluation.
Project · 04 / Planned
Agent Policy Engine
Open policy language for governing autonomous agent behavior.
§ 07 · Principles

The commitments we are building around.

Even at launch, Medulla is defined by how it intends to work. These principles will guide what we publish, how we collaborate, and which mandates we will not accept as the institute grows.

PR · 01

Transparency

Open research and reproducible analysis. Methods, data, and decisions are documented in the public record.

PR · 02

Independence

No commercial AI platform affiliation. Funding, governance, and research priorities are kept separate from vendor interests.

PR · 03

Public Benefit

Research focused on the safety of the broader AI ecosystem — practitioners, developers, and the public alike.

PR · 04

Open Collaboration

Active support for academic researchers, security teams, and open-source communities advancing AI runtime safety.

§ 08 · Collaboration

Collaborate with the institute.

Medulla works alongside academic groups, security teams, standards bodies, and open-source maintainers. If your work intersects with AI agent or runtime safety, we would like to hear from you.

Contact the Institute