diff --git a/PENTEST_PLAN.md b/PENTEST_PLAN.md index 9246641..20c79e4 100644 --- a/PENTEST_PLAN.md +++ b/PENTEST_PLAN.md @@ -65,6 +65,16 @@ Testing uses specialized Claude subagents for different security domains, with f - Unicode normalization attacks - Path traversal attempts +**MIME Detection Abuse (Priority Target):** +- Magic byte spoofing (embed malicious payload after valid magic bytes) +- Polyglot files (valid in multiple formats simultaneously) +- Truncated magic bytes (test boundary conditions) +- Content-Type vs magic byte mismatch exploitation +- MIME type injection via crafted binary patterns +- Test if MIME type affects server-side processing/execution +- Attempt to trigger unsafe file operations via MIME confusion +- Chain MIME detection with other features (burn-after-read, encryption) + ### 3. CryptoAudit Agent **Purpose:** Analyze cryptographic implementations **Scope:**
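Review bot: the new "MIME Detection Abuse (Priority Target)" block states test ideas but no pass/fail criteria, so the results will be hard to compare with the other scope items; each bullet should say what the secure behaviour is that the subagent checks for and what evidence it records. For example, "Content-Type vs magic byte mismatch exploitation" could read "Verify the server rejects (or quarantines) uploads whose declared Content-Type disagrees with the detected magic bytes and logs the mismatch", and "Test if MIME type affects server-side processing/execution" could state the expected outcome that detected MIME type never selects a code path that executes or interprets file content. Two smaller points: "(Priority Target)" is a label the surrounding list does not use for its other headings, so either define what it means for scheduling or drop it; and the last bullet ("Chain MIME detection with other features (burn-after-read, encryption)") should name which existing section covers those features so the two agents do not duplicate or miss the combined case.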