Security audits for AI-coded SaaS
Find the critical bug in your AI-coded SaaS in 7 days, or you don't pay.
Hand-driven security audits for indie founders who ship fast. One week, fixed
price from $1,500, full report your engineers can patch from. If I don't surface
a High or Critical, you keep the clean-bill-of-health report and pay nothing.
Research
Recent work
Vulnerability research on AI-generated SaaS, published after coordinated
disclosure or after a 7-day non-response window with the vendor.
ParakeetAI 2026-04-01
High embargoed
Coordinated disclosure on an AI interview assistant — writeup embargoed until August 2026
Four findings on an AI assistant for live interviews and meetings — including SSRF via DNS rebinding, CORS null-origin with credentials, and a TOCTOU race on a quota-gated creation flow. Reported privately and fixed under coordinated disclosure. The detailed writeup is embargoed by agreement until approximately August 2026, when it will be republished in full on this site.
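The TOCTOU race named in the entry above is a check-then-act bug: the quota is read in one round trip and the row is written in another, so concurrent requests all see the pre-insert count. The block below is an added example written for this page, not code from the ParakeetAI writeup or from the vendor. The in-memory store, the 10 ms round-trip delay and the quota of 3 are constructed so the race reproduces deterministically offline; in production the same window sits between a SELECT COUNT(*) and an INSERT.

```javascript
// Added example, not code from the ParakeetAI writeup: a quota-gated "create"
// endpoint with a check-then-act race, next to a version that makes the
// decision and the write one atomic step. The in-memory store and the 10 ms
// delay are constructed so the race reproduces deterministically offline.

const QUOTA = 3; // constructed limit: at most 3 projects per workspace

function makeStore() {
  const rows = [];
  const roundTrip = () => new Promise((resolve) => setTimeout(resolve, 10));
  return {
    rows,
    async countProjects(workspace) {
      await roundTrip();
      return rows.filter((r) => r.workspace === workspace).length;
    },
    async insertProject(workspace, name) {
      await roundTrip();
      rows.push({ workspace, name });
    },
    // Check and write with no await between them, so nothing can interleave.
    // This models a single conditional statement or a row lock on the
    // workspace, not two separate queries.
    async insertProjectIfUnderQuota(workspace, name, quota) {
      await roundTrip();
      const count = rows.filter((r) => r.workspace === workspace).length;
      if (count >= quota) return false;
      rows.push({ workspace, name });
      return true;
    },
  };
}

// Vulnerable handler: two round trips, and every concurrent request reads the
// same pre-insert count during the window between them.
async function createProjectRacy(store, workspace, name) {
  const count = await store.countProjects(workspace);
  if (count >= QUOTA) return false;
  await store.insertProject(workspace, name);
  return true;
}

// Hardened handler: the quota decision is made where the row is written.
async function createProjectAtomic(store, workspace, name) {
  return store.insertProjectIfUnderQuota(workspace, name, QUOTA);
}

// Fire n requests at once, the way a client script or a burst of curl calls
// would, and report how many were accepted and how many rows actually exist.
async function burst(handler, n) {
  const store = makeStore();
  const results = await Promise.all(
    Array.from({ length: n }, (_, i) => handler(store, "ws-victim", `project-${i}`)),
  );
  return { accepted: results.filter(Boolean).length, rows: store.rows.length };
}
```

Running burst(createProjectRacy, 10) lands all ten rows in a workspace limited to three; burst(createProjectAtomic, 10) stops at three. The fix is not "check harder" but moving the decision into the same statement or transaction that writes the row: a conditional insert, a row lock on the workspace, or a database constraint that the count cannot exceed.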
Clicky
A MITM attacker on the network can silently execute arbitrary shell commands on a Clicky user's machine by forging a single AI tool call in the response stream. No sandbox, no approval prompt, no indication to the user. Plus six more findings, including undisclosed conversation surveillance to a third-party analytics platform.
Outrank.so 2026-05-04
High
Four findings, two of them High, sharing one architectural root cause: authorization enforced in the Next.js app layer, missing from the database tier and from several public API routes. An unauthenticated attacker can hijack a victim's Notion publishing pipeline without ever signing into Outrank.
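The root cause described above, authorization that lives only in the app layer, is easiest to see with one route handler run against two data layers. The block below is an added example written for this page, not Outrank.so's code, and nothing in it reflects their actual schema or routes. The rows, user ids and the request object are constructed; the ownership-enforcing data layer stands in for row-level security in the database tier.

```javascript
// Added example, not Outrank.so's code: one API route handler that performs
// no authentication or ownership check, run against two data layers. The
// first trusts the route to have authorized the call; the second enforces
// ownership on every query, the way row-level security in the database tier
// does, so the forgotten check in the route no longer exposes other tenants.
// All identifiers and rows below are constructed for the demonstration.

function makeRows() {
  return [
    { id: "int-1", ownerId: "user-alice", target: "notion-page-alice" },
    { id: "int-2", ownerId: "user-bob", target: "notion-page-bob" },
  ];
}

// enforceOwnership=false: app-layer authorization only, any caller can update
// any row by id. enforceOwnership=true: the data tier requires a session and
// scopes the lookup to that session's rows, whatever the route did.
function makeDb(rows, enforceOwnership) {
  return {
    updateIntegration(session, id, patch) {
      if (enforceOwnership && !session) throw new Error("unauthenticated");
      const row = rows.find(
        (r) => r.id === id && (!enforceOwnership || r.ownerId === session.userId),
      );
      if (!row) return null; // not found, or not yours: same answer either way
      Object.assign(row, patch);
      return row;
    },
  };
}

// A public route that forgot to check who is calling. `req` is a constructed
// stand-in for a framework request object.
function setPublishTargetRoute(db, req) {
  const { integrationId, target } = req.body;
  return db.updateIntegration(req.session, integrationId, { target });
}

// Replay an attempt to repoint Bob's integration and report what happened.
function simulate(enforceOwnership, session) {
  const rows = makeRows();
  const db = makeDb(rows, enforceOwnership);
  const req = { session, body: { integrationId: "int-2", target: "attacker-page" } };
  let error = null;
  try {
    setPublishTargetRoute(db, req);
  } catch (e) {
    error = e.message;
  }
  return { bobTarget: rows[1].target, error };
}
```

With enforcement off, simulate(false, null) repoints Bob's integration from an unauthenticated request. With enforcement on, the same request is rejected, a logged-in Alice gets a null for Bob's row, and only Bob himself can change it. The route is identical in every case; what changed is which tier owns the decision.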
All writeups → · New research published roughly twice a month.
The offer
What's included
One week of hand-driven testing on your AI-coded SaaS, plus the full
deliverable stack:
| Deliverable | What it is | Value |
|---|---|---|
| Findings report | Per finding: severity, reproduction steps, impact, concrete fix. | $1,500 |
| Threat model | What an attacker can actually do against your architecture. | $1,500 |
| Remediation Q&A | 30 days of email support while your team ships the fixes. | $1,000 |
| Free re-test | One round of verification on the original scope after you patch. | $1,500 |
| 7-class checklist | The vulnerability classes LLMs ship most often, with detection recipes. | $500 |
| Standalone value | | $12,000 |
| Starting at | | $1,500 |
See full pricing and tiers →
Guarantee
If I don't find a High or Critical, you don't pay.
Quote, pay 50% upfront, one week of work. If I haven't surfaced a finding
I'd score High or Critical under CVSS 3.1 by week's end, the deposit is
refunded in full and you keep the clean-bill-of-health report as a
due-diligence asset.
Get started
Send me your URL.
One sentence on what your app does. I'll reply with whether I see something
worth a closer look. Free, no NDA needed at this stage.
hello@shippedwithbugs.com