BeyondTrust Phantom Labs™

Phantom Labs™ researchers "think like attackers" to expose privilege escalation paths and identity attack vectors, helping defenders proactively uncover misconfigurations and detect threats in complex hybrid and cloud environments. Using advanced graph modeling, Phantom Labs™ researchers map attack paths to privileged access across cloud and on-premises infrastructure.


A Security Researcher’s Guide to Understanding Copilot Studio AI Agents

A guide to understanding Copilot Studio AI agents, their deeper architecture on Entra ID and APIM, and key security risks.

Reading Time: 3 mins

Detecting Hidden Privilege with Machine Learning: Anomaly Detection in BeyondTrust’s True Privilege Graph

Hidden privilege paths are one of the most dangerous blind spots in identity security. In this Phantom Labs research blog, we explore how statistical modeling and machine learning applied to the BeyondTrust True Privilege™ Graph can detect anomalous privilege paths and unexpected access relationships across complex environments.

Reading Time: 5 mins

Salesforce Access Risk: How Hidden Permissions Create Security Blind Spots

Uncover hidden power and privilege in your organization. Learn how scattered permissions, connected apps, and APIs create Salesforce access risk.

Reading Time: 4 mins

Claude & Control: An Introduction to Agentic C2 with Computer Use Agents

This blog explores how computer use agents can be used to build an agentic command-and-control framework. By combining LLM reasoning with desktop interaction tools, attackers could automate endpoint control while blending into normal system behavior. Here, we break down the architecture, abuse scenarios, and detection opportunities.

Reading Time: 12 mins

How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise

The integration of AI coding agents into developer workflows has introduced new, high-impact attack surfaces. BeyondTrust Phantom Labs recently identified a critical command injection vulnerability in OpenAI Codex that allowed for the theft of GitHub User Access Tokens. This blog provides a deep dive into the exploit, the risks of automated token exfiltration, and essential mitigations for AI vendors and the organizations that deploy them.

Reading Time: 4 mins

AI Security: From a Threat Researcher’s Perspective

Reading Time: 29 mins
  • A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
    May 26, 2026
    Blog
    3m
  • Detecting Hidden Privilege with Machine Learning: Anomaly Detection in BeyondTrust’s True Privilege Graph
    Apr 27, 2026
    Blog
    5m
  • Salesforce Access Risk: How Hidden Permissions Create Security Blind Spots
    Apr 20, 2026
    Blog
    4m
  • Claude & Control: An Introduction to Agentic C2 with Computer Use Agents
    Apr 9, 2026
    Blog
    12m
  • How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise
    Mar 30, 2026
    Blog
    4m
  • AI Security: From a Threat Researcher’s Perspective
    Feb 12, 2026
    On-Demand Webinar
    29m

Explore All Research:

  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
  • A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
  • The AWS Bedrock API Keys Security Guide Part 2: Detection, Prevention, and Response
  • The AWS Bedrock API Keys Security Guide Part 1: Risks, Vulnerabilities, and Attack Techniques
  • Detecting Hidden Privilege with Machine Learning: Anomaly Detection in BeyondTrust’s True Privilege Graph
  • Salesforce Access Risk: How Hidden Permissions Create Security Blind Spots
  • Claude & Control: An Introduction to Agentic C2 with Computer Use Agents and Safeguard Bypasses
  • How Command Injection Vulnerability in OpenAI Codex Leads to GitHub Token Compromise
  • Pwning AI Code Interpreters in AWS Bedrock AgentCore
  • From Heuristics to Histograms: Reinventing Kerberoasting Detections
  • “Evil VM”: From Guest Compromise To Entra Admin In 9 Easy Steps
  • Restless Guests: The True Entra B2B Guest Threat Model
  • How to Detect Session Hijacking Before It’s Too Late: A Data Science Approach
  • A Guide to Using Longitudinal Data Analysis for Improved Identity Threat Detection
  • Entra ID App Escalations: Attacks & Defenses
  • AD CS 102: How to Detect and Mitigate ESC4 Attacks on Active Directory Certificate Services
  • AD CS 101: Introduction to Active Directory Certificate Services & How to Detect and Mitigate ESC1 Attacks

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.