blog
- RCE in one of the biggest open source AI tool platforms ever? Coming soon.. (2026-03-15)
Remote code execution in a major open source AI platform—writeup and disclosure coming soon.
- PostgreSQL multi-tenant vuln (coming soon) (2026-03-05)
Writeup on a PostgreSQL vulnerability in multi-tenant deployments, from discovery to exploit chain. Coming soon.
- The Great Firewall of Privacy: Unmasking the "Einsia.ai" Research Agent (2026-02-19)
A multi-week technical audit of Einsia—an AI research assistant for Overleaf—reveals an opaque pipeline for sensitive, unpublished research data, obfuscated code, and infrastructure tied to Chinese research entities.
- Can AI stop C2 exfiltration before it happens? (2025-12-10)
Exploring whether models can spot and kill command-and-control exfiltration before the first byte leaves the box. Coming soon.
- A keylogger, an LLM framework, and a supply-chain lesson I won't forget (2025-10-29)
A writeup on how "plug-and-play" LLM tooling can become an exfiltration surface if you treat dependencies like trusted code. Defensive takeaways and audit snippets included.