Adversarial research and offensive security on AI and agent systems, supply chains, and modern web and cloud-native targets. Deep manual work. Quiet output.
Apple
PayPal
Yahoo
deptofdefense U.S. Dept Of Defense
AT&T
Recorded Future
T-Mobile
Microsoft
META
Vulnerability research, exploitation writeups, and notes from the field. New posts most weeks.
There's no single best way to do research with Claude. There are three. Here's the honest breakdown of when each one actually wins — and the research skill I built to make Claude Code the most rigorous of all.
Read more →First writeup after years of silence. The story of one bug on a small exchange that changed how I hunt, and opened the door to many vulnerabilities across the biggest names in tech.
Read more →Vendors who acknowledged our coordinated vulnerability disclosures.
Apple Security Researcher Hall of Fame: January, February, March 2026 (consecutive). 28+ vulnerabilities reported across Apple web properties. Goal: full-year …
Web Application
Multiple vulnerabilities reported through PayPal's bug bounty program on HackerOne.
Web Application
Vulnerabilities reported through Meta's bug bounty program.
Web ApplicationIf you're a vendor we tested or a researcher with a coordinated-disclosure question, send it over PGP. We respond within 24 hours.