VULNARY
Let's talk
Company · About

Proof, not paperwork.

Most security tools hand you an alarm. We hand you the exploit that proves the door was open — and then we help you shut it.

200+offensive engagements
15+CVEs in critical infrastructure
Black Hatspeaker
Google · SamsungHall of Fame

The problem we exist to fix

The security industry has a credibility problem. A typical penetration test ends in a PDF full of "criticals" that never get reproduced, severities copied from a scanner, and findings that fall apart the moment someone asks "can you actually exploit that?" Teams drown in alerts they can't rank and can't trust. That's an alarm, not a cure.

Vulnary was built to close that gap. We don't report a vulnerability until we've turned it into a working, reproducible exploit against the real target. If it can't be proven, it doesn't go in the report — and if it can, you get the receipts.

How we work

Every engagement runs the same disciplined pipeline: build, review, scrutinize, exploit, verify. Two forces drive it:

The Resident

Our autonomous offensive-security engine. It reasons about a target, root-causes the bug, writes the exploit, and proves it live — recording every step so you can watch it work.

The bench

A vetted roster of elite human operators — exploit developers, red-teamers, reviewers. When an engagement outgrows automation, we reach for people we already trust, not headcount we scramble to hire.

Enforced scope

Authorization comes first and scope is enforced by the runner, not merely advised. We hold ourselves to the standard we test everyone else against.

What we do

What we believe.

01

Proof over probability

A risk score is a guess; a working exploit is a fact. We only report what we can prove.

02

Adversarial by design

The only honest way to know whether something is secure is to attack it the way a real adversary would.

03

Integrity, enforced

Authorization first; scope enforced by the runner, not merely advised. We hold ourselves to the standard we test everyone else against.

04

On your side

Against everyone who wants in — and against the reports that tell you you're fine when you're not.

Who's behind Vulnary.

Ehab Hussein

Ehab Hussein

Founder · Chief AI Researcher

Ehab has spent 20+ years breaking and building intelligent systems — from securing a nation's internet backbone to 200+ enterprise offensive engagements and 15+ CVEs across connected vehicles, enterprise networking, and industrial control systems, with Hall-of-Fame recognition from Google and Samsung. A Black Hat speaker, he now leads adversarial programs against ML models, pipelines, and production AI — and built the Resident, Vulnary's autonomous engine, to prove exploitability at scale. His throughline runs through everything Vulnary does: don't just flag a vulnerability — prove it, then engineer the systems that make failure impossible.

LinkedIn →
Ahmed Fekry

Ahmed Fekry

Co-Founder · Chief Solutions Officer

Ahmed brings 15+ years across the infrastructure half of the stack — cybersecurity, cloud, networking, Unix systems, storage, and DevOps. He has engineered mission-critical systems from the filesystem and kernel up, delivered disaster-recovery and high-availability platforms for enterprise workloads, and now leads advanced data-security solutions across the region, where performance and scale can't slip. At Vulnary he keeps the offensive work grounded in reality: how systems are actually built, operated, and defended at scale.

LinkedIn →

Don't take our word for it.

Every claim on this page is something we can show you live.