Welcome. This repository serves as a public archive of my security research, auditing work, and responsible disclosures.
In an era where AI-driven development and rapid deployment cycles are the norm, the complexity of software creates subtle, high-impact vulnerabilities that automated tools often overlook. My focus is on Business Logic Errors, Architectural Flaws, and Supply Chain Security—the kind of bugs that require a human understanding of intent versus implementation.
I adhere to a strict Responsible Disclosure policy:
- Vulnerabilities are reported privately to the maintainers/vendors first.
- A reasonable timeframe (typically 90 days) is allowed for remediation.
- Full technical details are published here only after a patch is available or the deadline expires.
My research areas:
- Logic Flaws: Abusing legitimate workflows to achieve illegitimate outcomes.
- Race Conditions: Exploiting concurrency in high-load systems.
- AI/LLM Security: Analyzing prompt injection vectors and data leakage in AI-integrated apps.
“The security of a system is only as strong as its weakest assumption.”