We study how systems break. Our work focuses on vulnerability discovery, real-world attack techniques and understanding how modern systems fail under pressure.
How we helped make Lovable more secure
Klaudia Kloc, Dawid Moczadło
This is an incredible story of how we chained five low-severity issues into a universal account takeover in Lovable. Part of the hack exploited vulnerabilities in Google (Firebase) and part exploited vulnerabilities in Lovable. The result was a way to implant code that could take over the account of any Lovable user who visits an infected link. After we reported it, Lovable fixed the problem in a matter of hours, and VIDOC helped them secure their product and development cycle.
Detecting Complex Vulnerabilities in Real-World Code: An LLM Benchmark
Klaudia Kloc, Dawid Moczadło
Large Language Models (LLMs) are increasingly applied to software security tasks, yet their effectiveness in identifying complex vulnerabilities in real-world code remains poorly understood due to limitations in existing benchmark datasets. This research introduces a new benchmark specifically designed to evaluate LLMs in realistic security code reviews.