VULNARY
Let's talk
Adversarial AI · Offensive Security

Adversarial by design.

Proof, not probability: the one exploit that should keep you awake, the fix that lets you sleep, and an adversary of our own that's always hunting.

200+ offensive engagements 15+ CVEs in critical infrastructure Black Hat speaker Google & Samsung Hall of Fame BMW · Cisco · ICS/SCADA LLM red-team at scale RUSI Frontier AI Taskforce Participants
SCROLL
01 · PRODUCTIZED

Your researcher.
Never off shift.

A scheduled pentest is a snapshot — true the day it ships, stale by the next deploy. The Resident is our autonomous offensive researcher: one managed operator that works your stack in three modes — white-box code review, red-team and black-box pentest — with the Proof Engine on your side. It runs deeper sweeps on a schedule you control, timed off-peak so they never touch production, proves what's actually exploitable, writes it up, and compounds a private knowledge base your team keeps.

  • Fully managed. We run it — nothing to deploy, no box to babysit. You just read the findings.
  • It does the work. Reverse-engineers binaries in its own sandbox, implements papers in code, publishes original CVEs.
  • Self-healing. Writes its own patches when it breaks, reprograms and redeploys itself.
  • Upskills your team and reduces reliance on outside firms: the cure, not just the alarm.
HOW IT WORKS

One researcher. Every sweep.

Point it at your attack surface and it runs the whole loop itself: studying your code, systems and models, building the exploit, proving it, then writing up the fix. Sweep after sweep, on the schedule you set, with no one in the chair.

then again on your next scheduled sweep · unattended
02 · CVE RECONSTRUCTION SAMPLES

From CVE to exploit.

Every one below the Resident reconstructed on its own: from a published CVE to a live, verified exploit in an isolated lab, unattended, with a reproducible proof. Different languages, different bug classes, up to a heap overflow in nginx that only an AddressSanitizer build could even see. The same outcome every time: a working exploit, not a maybe.

Credit where it's due: these CVEs were found and disclosed by others. We didn't discover them; we rebuilt them. Each one reconstructed from source into a working, verified exploit, to prove a single point: bring us a vulnerability, a published CVE or a finding on your own systems, and we reconstruct it into a working, verified exploit that proves it lands.

CVE-2026-42945 NGINX heap overflow OOB write · ASAN-proven · live
CVE-2026-42208 LiteLLM blind SQL injection unauth SQLi · pg_sleep-proven · live
CVE-2026-48907 Joomla JCE unrestricted upload unauth RCE · live
CVE-2026-34197 Apache ActiveMQ xbean code injection RCE · live
CVE-2026-33439 ForgeRock OpenAM Java deserialization unauth RCE · live
CVE-2025-24893 XWiki SSTI unauth RCE · live
CVE-2022-46169 Cacti command injection unauth RCE · live
CVE-2024-36401 GeoServer eval injection unauth RCE · live
CVE-2026-45695 Kopia ProxyCommand injection unauth RCE · live
CVE-2025-3248 Langflow code injection unauth RCE · live
CVE-2025-29927 Next.js middleware auth bypass auth bypass · live
CVE-2021-43798 Grafana path traversal file read · live
working on a hunt…
the next proof is already in the lab
Each exploit was developed and verified against an isolated, dedicated instance under coordinated-disclosure norms. We reconstruct the vulnerability, prove it lands, and hand you the fix that closes it.
03 · PROOF

Receipts, not résumés.

Proof over probability, for twenty years. Every entry below is a real exploit we built and the fix that ended it.

0+
Years adversarial
0+
Offensive engagements
0+
CVEs · critical infra
2×
Hall of Fame
Selected CVEs & advisories
CVE-2017-9212BMW ConnectedDrive: remote vehicle access & control
CVE-2014-3341Cisco NX-OS Nexus 5000/6000: authentication bypass
ICSA-20-154-05Grid Solutions Reason RT clocks: grid-timing flaws
ICSA-16-278-01INDAS web SCADA: water / utility control systems
Stage & recognition
2020Black Hat USA: AutoGadgetFS, USB attack toolkit
2026CSA AI Summit: AI coding-assistant governance
2013Google Hall of Fame · Samsung Hall of Fame
·GitHub Bug Bounty · CSCAMP
04 · OUR PLATFORMS

Three on offense.
One on your side.

On your side
The Proof Engine
The three above go on offense for you. This one keeps your other vendors honest. Bring a pentest report from another firm: we reproduce every finding into a working exploit, re-walk the scope, and hand you an independent verdict: what's real, what's inflated, what they missed. Your advocate, not your vendor.
8/11reproduced
2criticals missed
See the Proof Engine →
06 · THE SIGN OFF

The industry sells confidence. We sell the opposite: the one exploit that should keep you awake, and then the fix that lets you sleep. The asymmetry has always favored the attacker. Flipping it back is the only reason we exist.

VULNARY
07 · ENGAGE

Put your defenses
to the proof.

Fixed-price. Under NDA. We start by trying to break it.

VULNARYEST. 2026
hello@vulnary.com
the cure for vulnerabilities, not just the alarm
Start an engagement →