TalEliyahu · WRG-11 · Jun 12, 2026
diff --git a/README.md b/README.md
@@ -549,6 +549,7 @@ Adversarial prompt datasets-both text-only and multimodal-designed to bypass saf
 - [AI GOAT](https://github.com/dhammon/ai-goat) [![GitHub Repo stars](https://img.shields.io/github/stars/dhammon/ai-goat?logo=github&label=&style=social)](https://github.com/dhammon/ai-goat) - Vulnerable LLM CTF challenges for learning AI security.
 - [Damn Vulnerable LLM Agent](https://github.com/ReversecLabs/damn-vulnerable-llm-agent) [![GitHub Repo stars](https://img.shields.io/github/stars/ReversecLabs/damn-vulnerable-llm-agent?logo=github&label=&style=social)](https://github.com/ReversecLabs/damn-vulnerable-llm-agent)
 - [AI Red Teaming Playground Labs - Microsoft](https://github.com/microsoft/AI-Red-Teaming-Playground-Labs) [![GitHub Repo stars](https://img.shields.io/github/stars/microsoft/AI-Red-Teaming-Playground-Labs?logo=github&label=&style=social)](https://github.com/microsoft/AI-Red-Teaming-Playground-Labs) - Self-hostable environment with 12 challenges (direct/indirect prompt injection, metaprompt extraction, Crescendo multi-turn, guardrail bypass).
+- [MCP Object-Authz Lab](https://github.com/WRG-11/mcp-objauthz-lab) [![GitHub Repo stars](https://img.shields.io/github/stars/WRG-11/mcp-objauthz-lab?logo=github&label=&style=social)](https://github.com/WRG-11/mcp-objauthz-lab) - Vulnerable-by-design MCP server for practicing object-level / cross-tenant authorization (BOLA/IDOR) bugs, with a hunt checklist.
 
 ### Bespoke
 - [Trail of Bits - AI/ML Security & Safety Training](https://www.trailofbits.com/services/software-assurance/ai-ml/) - Courses on AI failure modes, adversarial attacks, data provenance, pipeline threats, and mitigation.