[go: up one dir, main page]

AI hackers for enterprise.

We're a Swiss applied research lab, rebuilding cybersecurity for the AI era.

Anthropic Cyber Verification OpenAI Trusted Access Microsoft Security Advisors Program
Built for global enterprises and defense teams.

When failure is not an option, top engineers from all around the world review the vulnerabilities we find in open-source software and the Linux kernel.

NVIDIA IBM Intel Microsoft Meta Red Hat Google Qualcomm MediaTek Ericsson
Linux net/bluetooth
Bluetooth memory fix

We found and fixed a Bluetooth LE Audio lifetime bug in mainline Linux, where vendor and distro kernels inherit security updates.

Kernel commit
Linux net/tipc
Network lifetime fix

A Linux networking bug moved through upstream review and into the stable process distributions use for shipped kernels.

Kernel commit
Linux net/mac802154
Wireless decrypt fix

A wireless protocol flaw was patched in the upstream kernel path that embedded vendors and Linux distributions pull from.

Kernel commit
Linux net/nfc
NFC parser fix

An NFC parser bounds flaw was fixed upstream so downstream vendors can pull the patch into their shipped kernel trees.

Kernel commit
Linux net/nfc
NFC overflow fix

A proximity-triggered NFC stack overflow was patched upstream, with backporting requested for vendor kernel updates.

Kernel commit
paperclip·GHSA-47wq-cj9q-wpmpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumLinux · Bluetooth·mergedhighLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhighLinux · mac802154·reportedmedium
Let our army of AI agents hack your software, and secure it.
Multi-model architecture

Different AI agents attack, verify, and judge the same target from separate angles. When they agree, the finding gets stronger; when they disagree, the system keeps digging.

We saturated the benchmark

103 of 104 on XBOW, every solve backed by an auditable receipt. The benchmarks ran out of headroom, so we turned the engine on real software.

0-days, at the deepest levels of software

Most tools stop at the app layer. We’ve found multiple vulnerabilities in the Linux kernel, with fixes landing in mainline and our code running on billions of devices.

Agent-native by design

A closed, autonomous loop — recon, exploit, verify, report — that picks its next move from how the target responds.

Proven by exploitation

Every vulnerability is re-exploited from scratch. If the agent can't replicate the breach, it's discarded — not flagged for you to chase.

Verifiable, not vibes

Our benchmark methodology is auditable under NDA, and every result ships with replayable proof you can inspect. Trust the evidence, not the marketing.

How we protect 3,495,491,406 installations.
Step 1 · ScopeTell it a target.

Point it at a web app, API, package, repo, or AI agent — and set what's off-limits.

Step 2 · AttackIt tries to break in.

Injection, broken access, logic bugs, prompt injection — it goes after real ways in, like an actual attacker.

Step 3 · VerifyIt proves what's real.

Every finding is re-exploited from scratch. If it can't break the same way twice, it's thrown out.

Step 4 · TriageNo false alarms.

Duplicates and scanner noise are filtered out. You only see what actually works.

Step 5 · ProofYou get working proof.

A real exploit, the steps, and a script to replay it yourself — straight to your engineers.

End-to-end. On any software, black-box or white-box.
We break your software,
not your trust.
You set the rules

Every scan runs in an isolated sandbox, fenced to a scope you set — allowed hosts, rate limits, a kill switch. It can’t wander off-target.

Secrets stay sealed

Exploit proof exposes real secrets — we redact them and encrypt the rest per-org, opened only by you and logged on every access.

Your data stays yours

Strict per-org isolation. Your targets and findings never touch another customer — and never train someone else’s model.

Questions we answer before you ask.

Think you’re secure? Let’s see about that.