AppSec
research lab

Weekly analyses of the vulnerabilities, exploits, and attack patterns that matter — what the bug is, who's exposed, and what to do about it before Monday. We track what attackers are doing, not what scanners flag.

Read the hub

research threads

What we research

Three threads: offensive, defensive, and in-the-wild exploits — published weekly in the hub.

Offensive research

How attackers break production software. Browser zero-days, CI/CD injection, AI supply chain, management-plane bypasses.

In the wild exploits

CVEs under active exploitation, threat-actor campaigns, emerging threats. What dropped, who's exposed, what to do before Monday.

Defensive research

What defenders should do about what offensive research surfaces. Detection engineering, AI agent guardrails, AppSec program gaps.

5M+

Findings analyzed

20+

Teams we've worked with

80K+

Scans reviewed per month

700+

Detection rules designed

the team's track record

Decade-scale AppSec experience

Cumulative across our security engineers' careers — findings analyzed, scans reviewed, rules shipped in production. The experience we bring into the research.

Explore defensive research

Integrations

Tools we study

Our analyses cover the behavior, blind spots, and detection coverage of commercial and open-source security tools — so readers know what each one sees.