Research
Technical write-ups on constraint-driven vulnerability discovery, binary analysis internals, MCP tool architecture, and what we learn building AI-native security tools in Rust.
Upcoming
Constraint-Driven Vulnerability Discovery
How inferring application constraints produces an exponentially smaller search space — and why this finds bugs that fuzzers miss.
Coming soonBuilding an SSA Decompiler in Rust
The Cooper-Harvey-Kennedy algorithm, phi insertion, five-pass type inference, and inter-procedural propagation in Aletheia's IR.
Coming soonWhy MCP Tool Calling Doesn't Scale
Token economics of 265 tool schemas, and how Forgemax collapses them to ~1,100 tokens with code-mode execution in sandboxed V8.
Coming soonHTTP/2 Single-Packet Race Conditions
Implementing the Kettle methodology for sub-microsecond timing windows. Multiplexed streams, last-byte sync, and detection heuristics.
Coming soonAnti-Analysis Evasion with MITRE ATT&CK Mapping
Detecting packing, anti-debug, and environment checks in stripped binaries — automatically mapped to ATT&CK technique IDs.
Coming soon265 MCP Tools in Practice
A walkthrough of a full agent-driven security assessment — from traffic import to verified vulnerability to submission-ready report.
Coming soonGet notified when we publish
Join the waitlist to receive research updates alongside early access to Arbiter and Aletheia.
Join Waitlist