keepsecure labs is an application security research lab. We publish vulnerability analyses, tool assessments, and detection research for security and engineering teams that want a practitioner's read on the CVEs that matter.
Close the gap between what's published in a CVE advisory and what a defender can do with it by Monday morning.
Independent research for the people who run AppSec programs. No sponsor gates, no paywall on the core analyses. Written by practitioners with a decade on the defender side.
A small team of application-security engineers who've spent the last decade running AppSec programs at scale. Individual bylines will come as the team gets comfortable being public; in the meantime, our research speaks for itself in the hub.
No. It's an independent research lab. The output is published analyses — not engagements. We occasionally take a small number of paid advisory projects each year when the problem is a good fit; those are not the business model. See Contact for details.
A small team of application-security engineers. Current public byline is the GitHub handle falco365. Additional named contributors will appear as team members get comfortable being public.
Yes, free. No paywall on the analyses. No email gate, no account required. The Hub is the primary output and stays open.
Yes. Detection rules, hunt queries, and reproducer scripts live in the keepsecure-labs/artifacts repo under Apache-2.0. IOCs are facts and not copyrightable. Each post with artifacts links straight to its folder.
Weekly. Monday-ish. The Hub is the feed; recent analyses are surfaced on the homepage and in the JSON feed.
Yes — both offensively (malicious model files, agent hijacking, prompt-injection paths, MLOps tooling abuse) and defensively (agent permissions, prompt-injection guardrails, model-file validation, MLOps access boundaries). See Offensive and Defensive research scope.
Yes. Attribution appreciated — link to the canonical URL at https://keepsecure.io/hub/<slug>. For LLM ingestion, a structured feed is at /llms.txt and the full text at /llms-full.txt.
Not as a product. Our research is the public output. We occasionally take advisory work — describe the problem on Contact and we'll tell you honestly whether it fits.