VULNARY
Adversarial AI · Offensive Security

Adversarial by design.

Proof, not probability: the one exploit that should keep you awake, the fix that lets you sleep, and an adversary of our own that never stops Hunting.

200+ offensive engagements 15+ CVEs in critical infrastructure Black Hat speaker Google & Samsung Hall of Fame BMW · Cisco · ICS/SCADA LLM red-team at scale RUSI Frontier AI Taskforce
SCROLL
01 · PRODUCTIZED

The researcher that never sleeps.

A scheduled pentest is a snapshot: true the day it ships, stale by the next deploy. The Resident is our autonomous researcher that never stops looking — one operator that works your stack in three modes: white-box code review, red-team, and black-box pentest. It watches 24/7, proves what's exploitable, writes it up, and compounds a private knowledge base your team actually keeps.

  • Fully managed. We run it: nothing to deploy, no box to babysit. You just read the findings.
  • It does the work. Reverse-engineers binaries in its own sandbox, implements papers in code, publishes original CVEs.
  • Self-healing. Writes its own patches when it breaks, reprograms and redeploys itself.
  • Upskills your team and reduces reliance on outside firms: the cure, not just the alarm.
live · resident@client-prod · unattended
VerdictAny vuln, proven Code ReviewYour code, exploited PentestFull kill-chain
Proof EngineOn your side — verify another firm's pentest
Three on offense · one on your side
HOW IT WORKS

One researcher. No off switch.

Point it at your attack surface and it runs the whole loop itself: studying your code, systems and models, building the exploit, proving it, then writing up the fix. Around the clock, with no one in the chair.

then it begins again, continuous · unattended
02 · CVE RECONSTRUCTION SAMPLES

From CVE to exploit.

Every one below the Resident reconstructed on its own: from a published CVE to a live, verified exploit in an isolated lab, unattended, with a reproducible proof. Different languages, different bug classes, up to a heap overflow in nginx that only an AddressSanitizer build could even see. The same outcome every time: a working exploit, not a maybe.

Credit where it's due: these CVEs were found and disclosed by others. We didn't discover them; we rebuilt them. Each one reconstructed from source into a working, verified exploit, to prove a single point: hand us any vulnerability, public or private, ours or not, and we give you the exploit that proves it lands.

CVE-2026-42945
NGINX
heap overflow (C)
OOB write · ASAN-proven · live-verified
CVE-2026-48907
Joomla JCE
unrestricted upload (PHP)
unauth RCE · live-verified
CVE-2026-34197
Apache ActiveMQ
xbean code injection (Java)
RCE · live-verified
CVE-2026-33439
ForgeRock OpenAM
Java deserialization
unauth RCE · live-verified
CVE-2025-24893
XWiki
SSTI (Groovy)
unauth RCE · live-verified
CVE-2022-46169
Cacti
command injection
unauth RCE · live-verified
CVE-2024-36401
GeoServer
eval / code injection
unauth RCE · live-verified
CVE-2026-45695
Kopia
SSH ProxyCommand injection
unauth RCE · live-verified
CVE-2025-3248
Langflow
code injection (Python)
unauth RCE · live-verified
CVE-2025-29927
Next.js
middleware auth bypass (JS)
auth bypass · live-verified
CVE-2021-43798
Grafana
path traversal (Go)
arbitrary file read · live-verified
working on a hunt…
the next proof is already in the lab
Each exploit was developed and verified against an isolated, dedicated instance under coordinated-disclosure norms. We reconstruct the vulnerability, prove it lands, and hand you the fix that closes it.
03 · PROOF

Receipts, not résumés.

Proof over probability, for twenty years. Every entry below is a real exploit we built and the fix that ended it.

0+
Years adversarial
0+
Offensive engagements
0+
CVEs · critical infra
2×
Hall of Fame
Selected CVEs & advisories
CVE-2017-9212BMW ConnectedDrive: remote vehicle access & control
CVE-2014-3341Cisco NX-OS Nexus 5000/6000: authentication bypass
ICSA-20-154-05Grid Solutions Reason RT clocks: grid-timing flaws
ICSA-16-278-01INDAS web SCADA: water / utility control systems
Stage & recognition
2020Black Hat USA: AutoGadgetFS, USB attack toolkit
2026CSA AI Summit: AI coding-assistant governance
·RUSI: Secure Access to Frontier AI Taskforce
2013Google Hall of Fame · Samsung Hall of Fame
·GitHub Bug Bounty · CSCAMP
The arsenal · instruments we built
Autonomous Agent
The Resident
A fully autonomous LLM that operates a live public site end-to-end — researching, building, publishing, self-healing, unattended — and runs full offensive engagements on its own: autonomous penetration tests, code security reviews, and CVE reconstructions.
Desktop Intelligence
CORTEX · ADI
The Autonomous Desktop Intelligence category: 680+ automations, OS-level control, distributed agents over mutual-TLS BokiSwarm.
Code Review
CodeVerdict
Multi-agent code review that maps an entire codebase, reasons across call-flows, and proves each finding with a working exploit, not just a warning.
Secure Vibe-Coding
VibeGuard
An open-source MCP server that gives any AI coding assistant a security and architecture consultant to call BEFORE it writes the code: human-authored guidance on secure patterns, anti-patterns, and language gotchas, so the model ships safe, well-architected code on the first try instead of the insecure default.
04 · OUR PLATFORMS

Three on offense.
One on your side.

Verdict
Any vulnerability, proven.
A CVE, a finding, a hunch — Verdict reconstructs it from source or binary into a live, working exploit in an isolated lab, then writes the fix. No maybes.
  • source or binary
  • live, reproducible exploit
  • a trace per claim
  • the fix that closes it
Explore Verdict →
Code Review
Your codebase, exploited.
Point it at a repo — ZIP or GitHub. It maps the whole codebase, reasons across call-flows, and proves each finding with a working exploit, not a scanner warning.
  • ZIP or GitHub
  • whole-repo call-flow
  • proven, not flagged
  • false-positives dropped
Explore Code Review →
Pentest
The full kill-chain.
Autonomous penetration testing that walks web, network, application and the AI/agent layer end to end — foothold to impact — and proves the path, not a list of doors.
  • web & network
  • AI / agent layer
  • chained to impact
  • scope-gated
Explore Pentest →
On your side
The Proof Engine
The three above go on offense for you. This one keeps your other vendors honest. Bring a pentest report from another firm — we reproduce every finding into a working exploit, re-walk the scope, and hand you an independent verdict: what's real, what's inflated, what they missed. Your advocate, not your vendor.
8/11reproduced
2criticals missed
See the Proof Engine →
05 · THE TERMS

Fixed price. No sales hassle.

A premium pentest takes weeks, and a scoping call before anyone will even quote you. Ours is fixed-price, starts this week, and lands a reproducible exploit, not a maybe. Priced about a third under the machine-only platforms, with a named adversary who signs the report.

By the hour
Probe
$200/hr
per hour · no minimum
A direct line to a principal offensive-security & AI engineer, billed by the hour. One target, one model, one question — scoped as small as you need.
  • Security code review & focused penetration testing
  • Offensive AI & LLM/agent red-team: jailbreaks, prompt injection, model extraction
  • Reverse engineering, exploit & proof-of-concept development
  • Reproducible PoC and the fix that kills it
  • Under NDA · your data stays yours
principal-grade hands, billed by the hour
Start a Probe
Two weeks
Sprint
$7,500
two weeks · resident + principal
A fixed two-week engagement. The Resident works your target around the clock while a principal offensive engineer steers it, verifies every finding, and signs the report.
  • Security code review and focused penetration testing
  • Offensive AI and LLM or agent red-team: jailbreaks, prompt injection, model extraction
  • Reverse engineering, exploit and proof-of-concept development
  • Reproducible PoC and the fix that kills it
the Resident's reach, a principal's judgment
Book a Sprint
One month
Campaign
$15,000
one month · resident + principal
A full month across the whole attack surface. Deeper coverage, broader scope, sustained pressure, and a private knowledge base that compounds with every run.
  • Everything in Sprint, sustained for a month
  • Broader attack surface and chained, multi-step findings
  • Weekly exploit-validated reporting, not a single drop
  • A private knowledge base that compounds
depth the machine-only platforms cannot reach
Book a Campaign
Enterprise · Full-time
The Resident, full-time
Let's talk
enterprise · continuous coverage
Fully managed and dedicated to your attack surface full-time, with a principal owner on the loop — continuous, exploit-validated coverage that never sleeps. Nothing to host, nothing to babysit.
  • Continuous coverage, fully managed
  • A named adversary on the loop, always
  • A compounding private knowledge base
  • Dedicated capacity, priced for the engagement
vs continuous platforms at €35k+/yr
Contact us
Engagements are fixed-price and scoped up front. The hourly rate is indicative — it tracks market demand and prevailing market rates, and is confirmed in writing before any work begins.
06 · THE SIGN OFF

The industry sells confidence. We sell the opposite: the one exploit that should keep you awake, and then the fix that lets you sleep. The asymmetry has always favored the attacker. Flipping it back is the only reason we exist.

VULNARY
07 · ENGAGE

Put your defenses
to the proof.

Fixed-price. Under NDA. We start by trying to break it.

VULNARYEST. 2026
hello@vulnary.com
the cure for vulnerabilities, not just the alarm
Start an engagement →