Adversarial AI · Offensive Security
Adversarial by design.
Proof, not probability: the exploit that works, the fix that ends it, and an adversary of our own that never sleeps.
200+ offensive engagements 15+ CVEs in critical infrastructure Black Hat speaker Google & Samsung Hall of Fame BMW · Cisco · ICS/SCADA LLM red-team at scale RUSI Frontier AI Taskforce
SCROLL
01 · PRODUCTIZED
The researcher that never sleeps.
A scheduled pentest is a snapshot: true the day it ships, stale by the next deploy. The Resident is our autonomous researcher that never stops looking: it watches your attack surface 24/7, proves what's exploitable, writes it up, and compounds a private knowledge base your team actually keeps.
- Fully managed. We run it: nothing to deploy, no box to babysit. You just read the findings.
- It does the work. Reverse-engineers binaries in its own sandbox, implements papers in code, publishes original CVEs.
- Self-healing. Writes its own patches when it breaks, reprograms and redeploys itself.
- Upskills your team and reduces reliance on outside firms: the cure, not just the alarm.
live resident@client-prod unattended
HOW IT WORKS
One researcher. No off switch.
Point it at your attack surface and it runs the whole loop itself: studying your code, systems and models, building the exploit, proving it, then writing up the fix. Around the clock, with no one in the chair.
YOUR TEAMsets the scope · the one human touch
YOUR ATTACK SURFACE
Codeapps & source
Systemsnetwork · cloud
ModelsLLMs · agents · pipelines
WHAT IT LEAVES BEHIND
Proven exploit + fixreproducible PoC
Private knowledge basecompounds · you keep it
patches & redeploys itself · unattended · 0 humans in the chair
02 · CVE RECONSTRUCTION SAMPLES
From CVE to exploit.
A sample of real CVEs we reconstructed from source and drove to a live, verified exploit in an isolated lab, end to end, with a reproducible proof. Different languages, different bug classes, the same outcome: a working exploit, not a maybe.
CVE-2026-42945
NGINX
heap overflow (C)
OOB write · ASAN-proven
CVE-2026-33439
ForgeRock OpenAM
Java deserialization
unauth RCE · live-verified
CVE-2025-24893
XWiki
SSTI (Groovy)
unauth RCE · live-verified
CVE-2022-46169
Cacti
command injection
unauth RCE · live-verified
CVE-2024-36401
GeoServer
eval / code injection
unauth RCE · live-verified
CVE-2026-45695
Kopia
SSH ProxyCommand injection
unauth RCE · live-verified
CVE-2025-3248
Langflow
code injection (Python)
unauth RCE · live-verified
CVE-2025-29927
Next.js
middleware auth bypass (JS)
auth bypass · live-verified
CVE-2021-43798
Grafana
path traversal (Go)
arbitrary file read · live-verified
Each exploit was developed and verified against an isolated, dedicated instance under coordinated-disclosure norms. We reconstruct the vulnerability, prove it lands, and hand you the fix that closes it.
03 · PROOF
Receipts, not résumés.
Proof over probability, for twenty years. Every entry below is a real exploit we built and the fix that ended it.
0+
Years adversarial
0+
Offensive engagements
0+
CVEs · critical infra
2×
Hall of Fame
Selected CVEs & advisories
CVE-2017-9212BMW ConnectedDrive: remote vehicle access & control
CVE-2014-3341Cisco NX-OS Nexus 5000/6000: authentication bypass
ICSA-20-154-05Grid Solutions Reason RT clocks: grid-timing flaws
ICSA-16-278-01INDAS web SCADA: water / utility control systems
Stage & recognition
2020Black Hat USA: AutoGadgetFS, USB attack toolkit
2026CSA AI Summit: AI coding-assistant governance
2013Google Hall of Fame · Samsung Hall of Fame
·GitHub Bug Bounty · CSCAMP
The arsenal · instruments we built
Autonomous Agent
The Resident
A fully autonomous LLM that operates a live public site end-to-end — researching, building, publishing, self-healing, unattended — and runs full offensive engagements on its own: autonomous penetration tests, code security reviews, and CVE reconstructions.
Desktop Intelligence
CORTEX · ADI
The Autonomous Desktop Intelligence category: 680+ automations, OS-level control, distributed agents over mutual-TLS BokiSwarm.
Code Review
CodeVerdict
Multi-agent code review that maps an entire codebase, reasons across call-flows, and proves each finding with a working exploit, not just a warning.
04 · THE PRACTICE
Four ways we make
failure impossible.
Offensive AI
AI & LLM Red-Teaming
You shipped AI faster than anyone could secure it. We apply nation-state-grade pressure to your models, agents and pipelines: prompt injection and jailbreaks at scale, model extraction, training-data poisoning, automated guardrail bypass. Then we hand you the prompt that owns the whole system before an attacker finds it.
- prompt injection
- jailbreak automation
- model extraction
- data poisoning
- adversarial ML
- agent abuse
Penetration
Offensive Security & Pentesting
A scanner finds the easy door; we walk the whole kill-chain through it: web, network, application, and the AI/agent layer most teams never test. Then we prove the path end to end, not in theory.
- web & network
- reverse engineering
- AI / agent attacks
- binary analysis
- red team ops
Research
Vulnerability Research & Exploit Dev
Risk scores start arguments. Working exploits end them. We discover the flaw, weaponize a proof-of-concept, and hand engineering the receipt, so the conversation is about evidence, not opinion.
- CVE discovery
- 0-day research
- weaponized PoC
- protocol fuzzing
- exploit dev
Architecture
AI Security Architecture & Due Diligence
Before you ship the model, or acquire the company that did. We threat-model the AI stack, hunt poisoned and biased training data, harden LLMOps and alignment, and quantify the security debt investors never see. We build the systems that make every attack above fail.
- LLMOps hardening
- alignment review
- M&A AI due diligence
- guardrail engineering
- mTLS / PKI
05 · THE TERMS
Fixed price. No sales hassle.
A premium pentest takes weeks, and a scoping call before anyone will even quote you. Ours is fixed-price, starts this week, and lands a reproducible exploit, not a maybe. Priced about a third under the machine-only platforms, with a named adversary who signs the report.
By the hour
Probe
$200/hr
per hour · no minimum
A direct line to a principal offensive-security & AI engineer, billed by the hour. One target, one model, one question — scoped as small as you need.
- Security code review & focused penetration testing
- Offensive AI & LLM/agent red-team: jailbreaks, prompt injection, model extraction
- Reverse engineering, exploit & proof-of-concept development
- Reproducible PoC and the fix that kills it
- Under NDA · your data stays yours
principal-grade hands, billed by the hour
Start a ProbeTwo weeks
Sprint
$7,500
two weeks · resident + principal
A fixed two-week engagement. The Resident works your target around the clock while a principal offensive engineer steers it, verifies every finding, and signs the report.
- Security code review and focused penetration testing
- Offensive AI and LLM or agent red-team: jailbreaks, prompt injection, model extraction
- Reverse engineering, exploit and proof-of-concept development
- Reproducible PoC and the fix that kills it
the Resident's reach, a principal's judgment
Book a SprintOne month
Campaign
$15,000
one month · resident + principal
A full month across the whole attack surface. Deeper coverage, broader scope, sustained pressure, and a private knowledge base that compounds with every run.
- Everything in Sprint, sustained for a month
- Broader attack surface and chained, multi-step findings
- Weekly exploit-validated reporting, not a single drop
- A private knowledge base that compounds
depth the machine-only platforms cannot reach
Book a CampaignEnterprise · Full-time
The Resident, full-time
Let's talk
enterprise · continuous coverage
The Resident embedded full-time on your attack surface, with a principal owner on the loop. Continuous, exploit-validated coverage that never sleeps.
- Continuous coverage, fully managed
- A named adversary on the loop, always
- A compounding private knowledge base
- Dedicated capacity, priced for the engagement
vs continuous platforms at €35k+/yr
Contact usEngagements are fixed-price and scoped up front. The hourly rate is indicative — it tracks market demand and prevailing market rates, and is confirmed in writing before any work begins.
06 · THE SIGN OFF
The industry sells confidence. We sell the opposite: the one exploit that should keep you awake, and then the fix that lets you sleep. The asymmetry has always favored the attacker. Flipping it back is the only reason we exist.
VULNARY
07 · ENGAGE
Put your defenses
to the proof.
Fixed-price. Under NDA. We start by trying to break it.
VULNARYEST. 2026
hello@vulnary.com
the cure for vulnerabilities, not just the alarm