PONEGLYPH SECURITY
Security Research × AI / Hybrid Practice

We break things that should not break.

// Practice Areas

What we do

Four practice areas, one operating model: deep technical research, delivered as engagements or focused vulnerability programs.

[ 01 ]

Cloud Security

IAM authorization audits, multi-tenant isolation review, SSRF & cross-account paths, bypass research specific to each cloud service provider (AWS / GCP / Azure).

[ 02 ]

Mobile Security

Android & iOS app review, SDK misconfiguration hunting, runtime instrumentation, supply-chain risk in third-party libraries.

[ 03 ]

AI / LLM Security

Prompt injection, agent jailbreaks, tool-use abuse, model supply chain. CVP-approved on Anthropic’s program.

[ 04 ]

Red Team

Adversary emulation across web, identity, and infrastructure. Chained 0-click exploits, federated-IdP abuse, desktop-client takeover.

// Credentials

Trusted, verified, on the record.

  • OSWE: Offensive Security Web Expert
  • CVP: Anthropic Claude Vulnerability Program
  • HackerOne: @poneglyph (public profile)

Active researcher on HackerOne (@poneglyph) with disclosed reports across consumer, enterprise, and AI programs. CVP-approved on Anthropic’s Claude Vulnerability Program.

// Public-program acknowledgements

Companies we helped secure.

A non-exhaustive list of organizations whose public security programs we've reported valid issues to.

Wordmarks shown for reference. Not affiliated; not endorsements.

// Field notes

Our Research

Selected write-ups from public bounties, internal research, and engagements where disclosure was authorized.

// Engage

Book a 1:1.

For consulting, scoped engagements, AI security review, or red-team retainers. 30-minute intro call, no obligation.

  • Cloud / IAM authorization audits
  • Mobile app & SDK security reviews
  • AI / LLM safety & red-teaming
  • Adversary emulation engagements