Research gaps

Verified-thin areas as of June 2026, each a potential article or research artifact. Caveat: this field closes gaps in weeks; re-run a novelty scan before committing.

Gap 01 - OT/ICS × agent protocols

The capability is deployed (commercial MCP-to-OPC-UA/Modbus bridges) but a focused security analysis mapping MCP/A2A attacks to the Purdue model and IEC 62443 physical-consequence escalation does not exist. Your OT offensive background is the differentiator. Thesis: Threat-model + reproducible OT testbed measuring whether injection/tool-poisoning can drive unsafe physical actions.

Gap 02 - Cross-protocol confusion benchmark

Named conceptually but not empirically measured: an attack originating in an A2A result detonating through an MCP tool call. Thesis: A falsifiable harness quantifying how often injected A2A content triggers unauthorized MCP actions.

Gap 03 - Offensive A2A ↔ A2ASecBench diff

Comparing current offensive A2A techniques against the first A2A benchmark shows where established technique is still current and where the field has moved on. Thesis: A practitioner write-up of the delta - low-risk, suited to an offensive-security lens.