Research
We're an applied AI lab focused on software security.
- The Masked Namespace Vulnerability In Temporal CVE-2025-14986 (Feb 5, 2026)
- 1-Click RCE To Steal Your OpenClaw Data and Keys (CVE-2026-25253) (Feb 1, 2026)
- ALPC You Later: CVE-2025-64721 Sandbox Escape Smashing The Heap Over IPC (Dec 23, 2025)
- Our Approach to Coordinated Vulnerability Disclosure (Dec 5, 2025)
- Agent Capability Is a System Design Problem: Lessons From a 90% Improvement on CyberGym (Nov 24, 2025)
- Esbuild's XSS Bug that Survived 5 Billion Downloads and Bypassed HTML Sanitization (Nov 20, 2025)
- Anatomy of an Automated Patch: Fixing a File Upload RCE CVE-2025-59304 (Nov 6, 2025)
- Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419) (Oct 20, 2025)
- How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study (Sep 30, 2025)

openclaw | 1-click rce via gatewayUrl | CVE-2026-25253
chrome v8 | type confusion | CVE-2026-4457
chrome devtools | object lifecycle issue | CVE-2026-3539
swetrix | rce via dir traversal | CVE-2025-59304
netty | smtp injection | CVE-2025-59419
langfuse | dos | CVE-2025-59305
sandboxie | sandbox escape via heapo | CVE-2025-64721
temporal | cross-tenant metadata read, policy bypass | CVE-2025-14986
ffmpeg | heap overflow in mpegts demuxer | CVE-2026-39210
ffmpeg | integer overflow in swscale | CVE-2026-39211
ffmpeg | stack overflow via preset recursion | CVE-2026-39212
ffmpeg | heap overflow in yuv4mpeg encoder | CVE-2026-39213
ffmpeg | stack overflow in mpegts muxer | CVE-2026-39214
ffmpeg | heap overflow in h.263 encoder | CVE-2026-39215
ffmpeg | heap overflow in image2 muxer | CVE-2026-39216
ffmpeg | heap overflow in vp9 decoder | CVE-2026-39217
ffmpeg | heap overflow in dash demuxer | CVE-2026-39218
apache httpd | remote worker dos in mod_proxy_ftp | CVE-2026-44186
apache httpd | memory disclosure in mod_ssl ocsp | CVE-2026-4418
apache httpd | heap overflow in mod_xml2enc | CVE-2026-42536
apache httpd | integer overflow in mod_dav lock | CVE-2026-42528
apache httpd | heap overflow in mod_dav_fs | CVE-2026-42535
apache httpd | heap uaf in mod_proxy_html | CVE-2026-34355
apache httpd | heap overflow in regex name parser | CVE-2026-44631
linux kernel | heap overflow in x.509 cert parser | CVE-2026-31430