Research
We're an applied AI lab focused on software security.
From security and AI experts at
Raising the bar on security. We invest in research because better performing models lead to stronger security for our customers.
We find and report real vulnerabilities in open source projects to help secure the software ecosystem.
- The Masked Namespace Vulnerability In Temporal CVE-2025-14986 (Feb 5, 2026)
- 1-Click RCE To Steal Your OpenClaw Data and Keys (CVE-2026-25253) (Feb 1, 2026)
- ALPC You Later: CVE-2025-64721 Sandbox Escape Smashing The Heap Over IPC (Dec 23, 2025)
- Our Approach to Coordinated Vulnerability Disclosure (Dec 5, 2025)
- Agent Capability Is a System Design Problem: Lessons From a 90% Improvement on CyberGym (Nov 24, 2025)
- Esbuild's XSS Bug that Survived 5 Billion Downloads and Bypassed HTML Sanitization (Nov 20, 2025)
- Anatomy of an Automated Patch: Fixing a File Upload RCE CVE-2025-59304 (Nov 6, 2025)
- Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419) (Oct 20, 2025)
- How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study (Sep 30, 2025)
- openclaw: 1-click rce via gatewayUrl (CVE-2026-25253)
- chrome v8: type confusion (CVE-2026-4457)
- chrome devtools: object lifecycle issue (CVE-2026-3539)
- swetrix: rce via dir traversal (CVE-2025-59304)
- netty: smtp injection (CVE-2025-59419)
- langfuse: dos (CVE-2025-59305)
- sandboxie: sbox escape via heapo (CVE-2025-64721)
- temporal: cross-tenant metadata read, policy bypass (CVE-2025-14986)