Field Record

Selected engagements.

Anonymized client case studies below, plus a live feed from our bug bounty pipeline. Everything here was proven in an incognito browser before we claimed it.

Client Engagements

What’s shipped under engagement.

Client engagements are confidential by default. Named customers below have explicitly consented to public attribution.

Financial services — payout platform
Q1 2026 · authorized assessment · anonymized

Exposed payout data via indirect IDOR chain

A production fintech platform with standard Firebase auth and public read rules. Our recon agent mapped the exfil path; the access-control agent proved cross-user read via asymmetric Firestore rules. Finding was reproduced in an incognito browser, remediated by the customer within 48 hours, and closed under a paid engagement.
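To make the rule shape concrete, here is an editorial illustration of the asymmetric-rules pattern named above; it is an added example, not the client's Firestore rules, and the collection and field names (payouts, ownerUid) are assumed:

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed collection and field names; not the client's schema.
    //
    // Weak, asymmetric shape: writes require a signed-in user, but reads are
    // public, so any client can enumerate every document in the collection
    // without authenticating at all.
    match /payouts_weak/{payoutId} {
      allow read: if true;
      allow write: if request.auth != null;
    }

    // Hardened shape: reads and writes are gated on the same ownership check.
    // For reads, updates and deletes the check runs against the stored
    // document (resource); for creates it runs against the incoming document
    // (request.resource). Updates must satisfy both, so a document cannot be
    // reassigned to another owner.
    match /payouts/{payoutId} {
      function isOwner(doc) {
        return request.auth != null && request.auth.uid == doc.data.ownerUid;
      }
      allow read, delete: if isOwner(resource);
      allow create: if isOwner(request.resource);
      allow update: if isOwner(resource) && isOwner(request.resource);
    }
  }
}
```

Both shapes can be exercised locally against the Firestore emulator with the assertSucceeds and assertFails helpers from the @firebase/rules-unit-testing package, which turns the read/write symmetry into a regression test that runs before each deploy rather than after the next scan.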

What the brain learned

The belief that led here — an indirect-IDOR pattern first surfaced from an XBOW benchmark solve months earlier — contributed to three subsequent findings on unrelated customers. Compound learning in practice.

Time to first critical: 3h 42m
Records reachable: $19,832 in payout data
Time to remediation: 48 hours
Engagement type: One-shot audit

Community platform — pre-launch retainer
Q1 2026 · named client: PremiumMinds · signed scope

Retainer coverage from pre-launch through first paying user

Weekly autonomous scans plus a direct Slack channel to the founder. Every finding shipped with a Cursor-ready fix prompt, then re-verified on the next cycle. Engagement ongoing. Specific finding counts are held under engagement confidentiality until the customer publishes their own write-up.

What the brain learned

Retainer cadence is the right posture for teams shipping faster than a quarterly audit can keep up with. A weekly scan turns every new feature into a re-validation point.

Engagement type: Retainer
Cadence: Weekly scans
Framework: Next.js + Supabase
Status: Active

SaaS — early-stage B2B
Q4 2025 · authorized assessment · anonymized

Full offensive pre-SOC-2 audit with clean rerun attestation

An annual-audit engagement ahead of the client’s first SOC 2 Type I assessment. Full offensive coverage across web, API, and cloud surface, followed by a 30-day remediation window and a clean rerun. Signed attestation letter delivered on final pass.

What the brain learned

Pairing the audit cadence with a compliance window shortens the total time to SOC 2 readiness — the same engagement produces the findings, the fixes, and the attestation.

Engagement type: Annual audit
Outcome: Clean rerun
Framework mapping: SOC 2 Type I
Deliverable: Attestation letter

Bug Bounty — Live Pipeline

Public findings, in the open.

Beyond client engagements, our swarm runs against authorized public bounty programs. Every submission is real, every dollar listed is paid.

Active engagement confidentiality is the reason most of our findings stay private. Public bounty submissions will be published here as programs disclose them — disclosure cadence is set by the platform, not by us.


100% on the XBOW benchmark: black-box · 104/104
Incognito-verified: every finding · no theoretical reports
Attestation-ready: annual audit deliverables · SOC 2 · ISO 27001 · HIPAA · PCI

Add your stack to the record.

A 30-minute scoping call is where most engagements start. We’ll tell you what we’d find, how we’d find it, and what it costs to keep it out of your production stack.

Request a Scoping Call