AI hackers for enterprise.

We're a Swiss applied research lab, rebuilding cybersecurity for the AI era.

Anthropic Cyber Verification OpenAI Trusted Access Microsoft Security Advisors Program

Built for global enterprises and defense teams.

When failure is not an option, top engineers from all around the world review the vulnerabilities we find in open-source software and the Linux kernel.

NVIDIA IBM Intel Microsoft Meta Red Hat Google Qualcomm MediaTek Ericsson
Linux net/bluetooth

Bluetooth memory fix

We found and fixed a Bluetooth LE Audio lifetime bug in mainline Linux, where vendor and distro kernels inherit security updates.

Kernel commit
Linux net/tipc

Network lifetime fix

A Linux networking bug moved through upstream review and into the stable process distributions use for shipped kernels.

Kernel commit
Linux net/mac802154

Wireless decrypt fix

A wireless protocol flaw was patched in the upstream kernel path that embedded vendors and Linux distributions pull from.

Kernel commit
Linux block/xen-blkfront

Block request fix

A split block-I/O double-completion was fixed in the upstream Linux block layer, applied by the block maintainer and flowing to mainline.

Kernel commit
Linux net/nfc

NFC parser fix

An NFC parser bounds flaw was fixed upstream so downstream vendors can pull the patch into their shipped kernel trees.

Kernel commit
Linux net/nfc

NFC overflow fix

A proximity-triggered NFC stack overflow was patched upstream, with backporting requested for vendor kernel updates.

Kernel commit
paperclip·GHSA-47wq-cj9q-wpmpcriticaljsonata·GHSA-8gq3-vp5j-2grpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumWireshark·CVE-2026-15164mediumLinux · Bluetooth·mergedhighLinux · TIPC·mergedhighLinux · mac802154·mergedmediumLinux · mlx5e MACsec·mergedhighLinux · xen-blkfront·appliedmediumLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhigh

Let our army of AI agents hack your software, and secure it.

Multi-model architecture

Different AI agents attack, verify, and judge the same target from separate angles. When they agree, the finding gets stronger; when they disagree, the system keeps digging.

We saturated the benchmark

103 of 104 on XBOW, every solve backed by an auditable receipt. The benchmarks ran out of headroom, so we turned the engine on real software.

0-days, at the deepest levels of software

Most tools stop at the app layer. We’ve found multiple vulnerabilities in the Linux kernel, with fixes landing in mainline and our code running on billions of devices.

Agent-native by design

A closed, autonomous loop — recon, exploit, verify, report — that picks its next move from how the target responds.

Proven by exploitation

Every vulnerability is re-exploited from scratch. If the agent can't replicate the breach, it's discarded — not flagged for you to chase.

Verifiable, not vibes

Our benchmark methodology is auditable under NDA, and every result ships with replayable proof you can inspect. Trust the evidence, not the marketing.

How we protect 3,533,070,480 installations.

Step 1 · Scope

Tell it a target.

Point it at a web app, API, package, repo, or AI agent — and set what's off-limits.

Step 2 · Attack

It tries to break in.

Injection, broken access, logic bugs, prompt injection — it goes after real ways in, like an actual attacker.

Step 3 · Verify

It proves what's real.

Every finding is re-exploited from scratch. If it can't break the same way twice, it's thrown out.

Step 4 · Triage

No false alarms.

Duplicates and scanner noise are filtered out. You only see what actually works.

Step 5 · Proof

You get working proof.

A real exploit, the steps, and a script to replay it yourself — straight to your engineers.

End-to-end. On any software, black-box or white-box.

We break your software,
not your trust.

You set the rules

Every scan runs in an isolated sandbox, fenced to a scope you set — allowed hosts, rate limits, a kill switch. It can’t wander off-target.

Secrets stay sealed

Exploit proof exposes real secrets — we redact them and encrypt the rest per-org, opened only by you and logged on every access.

Your data stays yours

Strict per-org isolation. Your targets and findings never touch another customer — and never train someone else’s model.

Questions we answer before you ask.

Think you’re secure? Let’s see about that.