LLMs ship the same bugs to everyone.
I find them on yours.

Vulnerability research and one-week hand-driven audits. Fixed price from $1,500. Refund if no High or Critical surfaces within 3 days.

2 CVEs · 3 GHSAs · <7h patch SLA · 100% credited · 2 audits per month

Research log · 5 entries

  1. 2026-06-01 · edgee · HIGH, embargoed · Trust-elevation in an AI gateway: one unanchored regex turned tool output into harness reminders
  2. 2026-05-22 · postiz · CRIT/HIGH/MED · JWT confused-deputy: one Skool cookie became SUPERADMIN on a social-scheduling SaaS
  3. 2026-05-06 · clicky · CRIT/HIGH · Unauthenticated RCE on an unsandboxed macOS AI assistant via SSE tool-call injection
  4. 2026-05-04 · outrank.so · HIGH · Supabase RLS quota bypass and unauthenticated Notion OAuth state forgery on an SEO SaaS
  5. 2026-04-01 · parakeetai · HIGH, embargoed · Coordinated disclosure on an AI interview assistant; writeup embargoed until August 2026

All writeups are published after coordinated disclosure or a 7-day non-response window.


Thesis

Why AI-coded SaaS breaks differently

LLMs don't invent novel bugs — they repeat the same trust-boundary mistakes across every codebase they touch. The eight classes below show up over and over in the audits and writeups above.

Full taxonomy with detection recipes: the 12-class checklist.


Audits

Same lens, your codebase.

Price: From $1,500 fixed. No hourly.
Finding promise: High or Critical within 3 days, or full refund.
Delivery: Report + threat model + re-test by end of week.
Capacity: Two audits per month. Solo, hand-driven.

Deliverables, scope, methodology: see the audit page.


Get started

Send me your URL.

One sentence on what your app does. I'll reply with whether I see something worth a closer look. Free, no NDA needed at this stage.

[email protected]