Offensive security research

Wir finden, was andere übersehen.

Deep reconnaissance and adversarial research across your entire attack surface: the exposed infrastructure, AI and agent systems, supply chains, and cloud-native targets others miss. Deep manual work. Quiet output.

Coordinated disclosure Independent research
Track record
0+ Vulnerabilities disclosed
0+ Organizations secured
0% Responsible disclosure

We find bugs in names you know.

A few of the companies whose products we've broken, reported, and helped fix.

Apple
Grab
Tools for Humanity
Amazon
Visa
inDrive
PayPal
Yahoo
deptofdefense U.S. Dept Of Defense
AT&T
Recorded Future
T-Mobile
Microsoft
META
and others

The surfaces most firms won't touch.

We don't run a scanner and hand you the output. We map what's reachable, read the code, understand the logic, and reason our way to impact.

01

Attack surface & infrastructure

Finding what you don't know is exposed. We map your entire internet-facing footprint with deep reconnaissance, surfacing forgotten subdomains, shadow IT, staging and admin panels, exposed APIs, and misconfigured services that were never meant to be reachable, then prove what an attacker does with them.

attack-surfacereconexposed-assets
02

AI & agent security

Breaking models and the agents around them. Prompt-injection into tool-calling chains, agent privilege escalation, jailbreaks that reach real systems, and trust boundaries no one ever drew on the diagram.

prompt-injectiontool-abuseagent-escalation
03

Supply-chain compromise

Compromising the thing that builds the thing. Dependency and build-pipeline attacks, artifact tampering, and the quiet trust every CI system extends to code it never really read.

ci/cddependency-confusionartifact-tamper
04

Web & cloud-native

Where the logic bends, we push. Business-logic flaws, multi-tenant isolation breaks, IDORs that chain to account takeover, and cloud misconfigurations that hand over the keys.

idormulti-tenantcloud-misconfig
read. understand. break.
Disclosure

Found something? Reach out encrypted.

If you're a vendor we tested or a researcher with a coordinated-disclosure question, send it over PGP. We respond within 24 hours.