Research
Technical write-ups on constraint-driven vulnerability discovery, binary analysis internals, MCP tool architecture, and what we learn building AI-native security tools in Rust.
Articles
Constraint-Driven Vulnerability Discovery
How inferring application constraints produces an exponentially smaller search space — and why this finds bugs that fuzzers miss.
Building an SSA Decompiler in Rust
The Cooper-Harvey-Kennedy algorithm, phi insertion, type inference, and inter-procedural propagation in Aletheia's IR.
Why MCP Tool Calling Doesn't Scale
Token economics of 267 tool schemas, and how Forgemax collapses them to ~1,100 tokens with code-mode execution in sandboxed V8.
HTTP/2 Single-Packet Race Conditions
Implementing the Kettle methodology for sub-microsecond timing windows. Multiplexed streams, last-byte sync, and detection heuristics.
Anti-Analysis Evasion with MITRE ATT&CK Mapping
Detecting packing, anti-debug, and environment checks in stripped binaries — automatically mapped to ATT&CK technique IDs.
267 MCP Tools in Practice
A walkthrough of a full agent-driven security assessment — from traffic import to verified vulnerability to submission-ready report.
Get notified when we publish
Join the waitlist to receive research updates alongside early access to Arbiter and Aletheia.
Join Waitlist