AI Security Research Lab

We hunt the 0-days before they hunt you

LoSec pairs autonomous AI agents with elite offensive researchers to break software the way real attackers do — then hands you the fix before anyone else knows the door was open.

147+
0-days discovered & disclosed
9.3s
avg. time to first finding
40M+
lines of code audited by AI
5
elite security certifications held
ready

$

CAL 07.2026 breach · 0-day #147 · CVSS 9.8
targets //
Chrome ·Linux kernel ·V8 ·CPython ·OpenSSL ·nginx ·containerd ·PostgreSQL ·Kubernetes ·gRPC ·Envoy ·WebKit ·systemd ·Redis ·Chrome ·Linux kernel ·V8 ·CPython ·OpenSSL ·nginx ·containerd ·PostgreSQL ·Kubernetes ·gRPC ·Envoy ·WebKit ·systemd ·Redis ·
Backed by hands-on offensive & defensive credentials — CAPE · CWEE · OSWE · OSEP · CDSA
CAPEAltered Security

Certified Active Directory Pentesting Expert

Active Directory

CWEEHack The Box

Certified Web Exploitation Expert

Web Exploitation

OSWEOffSec

OffSec Web Expert

Whitebox Web

OSEPOffSec

OffSec Experienced Penetration Tester

Evasion & Red Team

CDSAHack The Box

Certified Defensive Security Analyst

Blue Team & Detection

01Proof, not promises

Bugs we broke first

Every finding starts as a hypothesis and ends as a working proof-of-concept. From memory corruption in parsers to logic flaws in auth flows, here's what our AI surfaced and our researchers weaponized — all responsibly disclosed.

01 · LSEC-2026-003 CRITICAL 9.8

Remote Code Execution

Unauthenticated RCE in Northwind API Gateway via template injection in the routing engine

The gateway evaluates route-rewrite rules through a server-side template engine that never leaves sandbox mode off — except it does. A crafted Host header walks straight into the expression evaluator, and one request turns an edge proxy into a shell. No auth, no user interaction, pre-patch chain reconstructed end to end.

Northwind · Northwind API GatewayFeb 11, 2026
02 · LSEC-2026-006 CRITICAL 9.1

Authentication Bypass

SSO auth bypass in Aperture Identity Broker via SAML assertion confusion

Aperture canonicalizes SAML XML before signature validation but reads attributes after — a classic comment-splitting mismatch. Inject one XML comment into the NameID and you sign in as anyone, including the tenant admin. We forged a valid session for a fictional CISO account in under a minute of interaction.

Aperture · Aperture Identity BrokerMar 27, 2026
03 · LSEC-2026-010 HIGH 8.6

Server-Side Request Forgery

Cloud-metadata SSRF in Helios Storage Connector escalates to credential theft

The connector's remote-import feature validates URLs with a hostname allowlist, then re-resolves DNS at fetch time — a textbook TOCTOU. A rebinding record pivots the fetch to 169.254.169.254 and hands back instance-role credentials. From upload form to cloud keys in three requests.

Helios · Helios Storage ConnectorApr 19, 2026
04 · LSEC-2026-013 HIGH 8.8

Insecure Deserialization

Insecure deserialization to RCE in Cortex ML Model Registry artifact loader

Registry ingests uploaded model artifacts and unpickles them to read metadata before any policy check runs. A weaponized artifact executes on the ingestion worker with registry service privileges — a supply-chain foothold inside the MLOps pipeline itself. We demonstrated code exec on a pushed model, no reviewer approval required.

Cortex · Cortex Model RegistryMay 22, 2026
05 · LSEC-2026-016 HIGH 7.5

Privilege Escalation

Namespace-boundary privilege escalation in Meshwork Service Mesh Controller

The controller trusts a sidecar-supplied namespace claim when minting mTLS identities but never binds it to the workload's actual scope. A compromised pod requests a certificate for a neighboring namespace and inherits its traffic policy — lateral movement with a valid, mesh-issued identity. Tenant isolation, dissolved.

Meshwork · Meshwork Mesh ControllerJun 09, 2026
06 · LSEC-2026-019 HIGH 8.2

SQL Injection

Blind SQL injection in Solstice Analytics Platform report filter API

A JSON filter operator on the saved-report endpoint is concatenated into the query builder while every other field is dutifully parameterized — one forgotten branch. Time-based blind injection reads the full customer schema, including hashed credentials and API tokens, from a low-privilege analyst account. We exfiltrated a synthetic dataset to prove reach.

Solstice · Solstice Analytics PlatformJun 30, 2026
02From the lab

Field notes on breaking software

Deep technical write-ups, exploit chains, and the research methods behind our disclosures — how the bug was found, why it mattered, and how an AI hunch became a CVE.

03Disclosure ledger

The running tally

A live index of CVEs, advisories, and vendor coordinations credited to LoSec. Every entry expands to the full technical breakdown — vector, impact and status.

  • Description

    The /cluster/sync endpoint deserializes attacker-controlled binary payloads carried in the X-NW-Cluster-State header through a permissive ObjectInputStream with no class allow-list. Because cluster traffic is 'trusted' solely on the presence of a static header, no authentication is required. A gadget chain built from the Commons-Collections variant present on the default classpath yields code execution as the gateway service account. A single crafted POST reproduces the issue reliably against a stock install. LoSec sample advisory — fictional product for illustration.

    Impact

    Full compromise of the gateway node, including exfiltration of brokered TLS private keys and upstream service credentials, and lateral movement into every backend the gateway fronts. Observed exploitation path: one request to interactive reverse shell.

    REF
    LOSEC-2026-0001
    CVSS
    9.8
    Product
    Northwind Gateway (Enterprise API Gateway) ≤ 4.7.2
    Disclosed
    2026-03-11
    Vector
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Credit
    LoSec Labs — R. Vance (OSWE)
Showing 10 of 147 entries · continuously updated Request full ledger access →

// AI Security Research Lab

Find out what's already inside your stack

Give our AI your attack surface and we'll show you what a determined adversary would find first. Confidential, researcher-led, and fast.