Vulnerability Research
Zero DayResearch
We don't just run scanners. Our researchers discovered a CVSS 10 vulnerability and wrote the first working exploit using AI before anyone else in the world — that's the research we bring to your products.
- AI-Powered Research
- Published CVEs
- Responsible Disclosure
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- None
- User Interaction
- None
- Scope
- Changed
- Confidentiality
- High
- Integrity
- High
- Availability
- High
First public PoC written with AI-accelerated fuzzing of malformed packets
// By The Numbers
A Decade Of Breaking Things First
// Research Focus
What We Research
From enterprise web platforms to embedded firmware to agricultural equipment, we hunt for vulnerabilities across the full technology stack.
Web Frameworks & CMS
Vulnerabilities in enterprise web platforms, content management systems, and server-side frameworks.
- Sitecore CMS
- CraftCMS
- .NET Framework
ICS / OT & SCADA
Industrial control systems, SCADA, and operational technology where a single flaw can halt production or put physical safety at risk.
- PLCs & HMIs
- SCADA protocols
- OT networks
IoT & Embedded Systems
Router firmware, connected devices, and hardware security research including UART, SPI, and JTAG analysis.
- CVE-2022-45551
- ZBT Router RCE
AgTech & Industrial
Agricultural technology, farming equipment, and industrial control systems security research.
- Tractor systems
- Farming equipment
- Military rovers
AI-Assisted Research
Leveraging AI for fuzzing, exploit development, and vulnerability discovery, finding bugs faster than traditional methods.
- CVE-2025-32433
- First-to-PoC
Custom Targets
Targeted vulnerability research for specific software or hardware in your environment. We hunt for what matters to you.
- Client-specific research
- Vendor dependencies
// Published Research
Real CVEs, Real Impact
Real CVEs. Real impact. Our research protects millions of users worldwide.
CVE-2025-32433
Erlang/OTP SSH
AI-Generated First PoC
Our team used AI to create the first working exploit for this CVSS 10 vulnerability before any public PoCs existed. This research made international news.
CVE-2022-45551
ZBT WE1626 Router
Unauthenticated RCE
Unauthenticated remote code execution via WGET command injection, allowing complete device takeover without authentication.
Multiple CVEs
Web Frameworks
CMS & Framework Vulnerabilities
Multiple vulnerabilities discovered in enterprise content management systems and web frameworks including Sitecore and CraftCMS.
// Methodology
How We Find Zero-Days
Our researchers combine cutting-edge AI techniques with deep manual analysis to discover vulnerabilities that automated tools miss.
AI-Assisted Fuzzing
Custom AI models that generate targeted test cases, analyze crashes, and accelerate exploit development.
Source Code Review
Manual analysis of open-source and decompiled code to find logic flaws and security vulnerabilities.
Binary Reversing
IDA Pro, Ghidra, and dynamic analysis of compiled software to understand behavior and find bugs.
Protocol Analysis
Custom protocol dissection, state machine analysis, and network traffic inspection.
Hardware Hacking
UART, SPI, JTAG interfaces for firmware extraction, analysis, and hardware security testing.
Exploit Development
Proof-of-concept creation to demonstrate real-world impact and exploitability.
// Why PlatformSecurity
Why Our Research
We don't just find vulnerabilities. We find them first, disclose them responsibly, and help you understand the real risk.
AI-First Approach
We leverage AI to find vulnerabilities faster than traditional methods. First in the world to PoC CVE-2025-32433.
Real CVEs, Real Impact
Published advisories with a 100% responsible disclosure track record. Our research protects millions of users.
Hardware + Software
From web apps to embedded firmware to agricultural equipment. We research the full technology stack.
Custom Research Programs
Targeted research on the products in YOUR environment. Find vulnerabilities in your vendor dependencies before attackers do.
Disclosure Partners
We work with vendors and security response teams to ensure patches are available before public disclosure.
Working Exploits, Not Theory
Every finding ships with a proof-of-concept that demonstrates real impact, so you prioritize on hard evidence instead of CVSS guesswork.
// From our blog
Related Research
ZBT WE1626 Router CVE Disclosures
Three critical vulnerabilities in the ZBT WE1626 including unauthenticated RCE and UART access.
Read PostML Evasion Attacks: How Adversaries Trick AI
White-box, gray-box, black-box, and transfer-based evasion attacks on machine learning models.
Read PostLittle Bug, Big Impact: $25K Bounty
How hardcoded Stripe API keys in JavaScript source maps led to a critical finding and $25K bounty.
Read PostWant Us Hunting for You?
We offer targeted vulnerability research for specific products in your environment: a critical vendor dependency, your own software, or IoT devices in your infrastructure. We'll find what automated tools miss.