About
What this site is, and why.
Vulnerability research and paid security audits for AI-generated SaaS. Solo operation. Writeups are the public work; audits are how the public work gets paid for.
Thesis
Why this niche works
LLMs make the same security mistakes over and over, because they sample from a shared training distribution. The bugs are fingerprintable, not creative — the same OAuth state forgery, the same RLS quota bypass, the same SSE tool-call injection, on different apps, the same week. Hunt them systematically across many targets, not creatively on one.
Most founders who ship fast with LLMs are aware of this on some level, but don't have the time or background to test for it. Most security firms are scoped for enterprises and price accordingly. There's a gap. This site lives in the gap.
Structure
Two things live here
Writeups — vulnerability research on AI-coded products, published after coordinated disclosure with the vendor or after a standard non-response window. Free to read.
Audits — if you ship an AI-coded SaaS and you'd rather hear about a vulnerability from me than from a customer, I do hand-driven security reviews for indie founders and seed-stage teams. One week, fixed price, full report. Find a High or Critical or you don't pay.
Contact
Email me.
For audits, send your URL with one sentence on what your app does. For security disclosures, prefix the subject with [Security disclosure] and I'll triage faster.