Vulnerability Research

Zero DayResearch

We don't just run scanners. Our researchers discovered a CVSS 10 vulnerability and wrote the first working exploit using AI before anyone else in the world — that's the research we bring to your products.

  • AI-Powered Research
  • Published CVEs
  • Responsible Disclosure
CVSS v3.1 Base ScoreDisclosed
10.0out of 10.0
CRITICALCVE-2025-32433Erlang/OTP SSH RCE · first public PoC worldwide
NONELOWMEDIUMHIGHCRITICAL

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

First public PoC written with AI-accelerated fuzzing of malformed packets

// By The Numbers

A Decade Of Breaking Things First

0110+Years of Research
0230+Zero-Days Found
03100%Responsible Disclosure
04$2M+Bug Bounties Earned

// Research Focus

What We Research

From enterprise web platforms to embedded firmware to agricultural equipment, we hunt for vulnerabilities across the full technology stack.

Web Frameworks & CMS

Vulnerabilities in enterprise web platforms, content management systems, and server-side frameworks.

  • Sitecore CMS
  • CraftCMS
  • .NET Framework

ICS / OT & SCADA

Industrial control systems, SCADA, and operational technology where a single flaw can halt production or put physical safety at risk.

  • PLCs & HMIs
  • SCADA protocols
  • OT networks

IoT & Embedded Systems

Router firmware, connected devices, and hardware security research including UART, SPI, and JTAG analysis.

  • CVE-2022-45551
  • ZBT Router RCE

AgTech & Industrial

Agricultural technology, farming equipment, and industrial control systems security research.

  • Tractor systems
  • Farming equipment
  • Military rovers

AI-Assisted Research

Leveraging AI for fuzzing, exploit development, and vulnerability discovery, finding bugs faster than traditional methods.

  • CVE-2025-32433
  • First-to-PoC

Custom Targets

Targeted vulnerability research for specific software or hardware in your environment. We hunt for what matters to you.

  • Client-specific research
  • Vendor dependencies

// Published Research

Real CVEs, Real Impact

Real CVEs. Real impact. Our research protects millions of users worldwide.

CRITICALCVSS 10.0

CVE-2025-32433

Erlang/OTP SSH

AI-Generated First PoC

Our team used AI to create the first working exploit for this CVSS 10 vulnerability before any public PoCs existed. This research made international news.

Remote Code Execution
CRITICALCVSS 9.8

CVE-2022-45551

ZBT WE1626 Router

Unauthenticated RCE

Unauthenticated remote code execution via WGET command injection, allowing complete device takeover without authentication.

Remote Code ExecutionRead
HIGHCVSS 7.0+

Multiple CVEs

Web Frameworks

CMS & Framework Vulnerabilities

Multiple vulnerabilities discovered in enterprise content management systems and web frameworks including Sitecore and CraftCMS.

Various

// Methodology

How We Find Zero-Days

Our researchers combine cutting-edge AI techniques with deep manual analysis to discover vulnerabilities that automated tools miss.

AI-Assisted Fuzzing

Custom AI models that generate targeted test cases, analyze crashes, and accelerate exploit development.

Source Code Review

Manual analysis of open-source and decompiled code to find logic flaws and security vulnerabilities.

Binary Reversing

IDA Pro, Ghidra, and dynamic analysis of compiled software to understand behavior and find bugs.

Protocol Analysis

Custom protocol dissection, state machine analysis, and network traffic inspection.

Hardware Hacking

UART, SPI, JTAG interfaces for firmware extraction, analysis, and hardware security testing.

Exploit Development

Proof-of-concept creation to demonstrate real-world impact and exploitability.

// Why PlatformSecurity

Why Our Research

We don't just find vulnerabilities. We find them first, disclose them responsibly, and help you understand the real risk.

Cutting-edge techniques

AI-First Approach

We leverage AI to find vulnerabilities faster than traditional methods. First in the world to PoC CVE-2025-32433.

Proven track record

Real CVEs, Real Impact

Published advisories with a 100% responsible disclosure track record. Our research protects millions of users.

Full-stack expertise

Hardware + Software

From web apps to embedded firmware to agricultural equipment. We research the full technology stack.

Tailored to you

Custom Research Programs

Targeted research on the products in YOUR environment. Find vulnerabilities in your vendor dependencies before attackers do.

Responsible disclosure

Disclosure Partners

We work with vendors and security response teams to ensure patches are available before public disclosure.

Proof, not speculation

Working Exploits, Not Theory

Every finding ships with a proof-of-concept that demonstrates real impact, so you prioritize on hard evidence instead of CVSS guesswork.

Want Us Hunting for You?

We offer targeted vulnerability research for specific products in your environment: a critical vendor dependency, your own software, or IoT devices in your infrastructure. We'll find what automated tools miss.