We study how systems break. Our work focuses on vulnerability discovery, real-world attack techniques and understanding how modern systems fail under pressure.
We Reproduced Anthropic’s Mythos Findings With Public Models
Klaudia Kloc, Dawid Moczadło, Marek Lewandowski, Amadeusz Lisiecki, Jakub Sienkiewicz, Mikołaj PalkiewiczTL;DR Anthropic presents Mythos and Project Glasswing as evidence that advanced AI vulnerability research should be restricted. But our replication suggests a different conclusion: the capabilities Anthropic points to are already available in public models, so defenders should prepare for that reality instead.
Detecting Complex Vulnerabilities in Real-World Code: An LLM Benchmark
Klaudia Kloc, Dawid MoczadłoLarge Language Models (LLMs) are increasingly applied to software security tasks, yet their effectiveness in identifying complex vulnerabilities in real-world code remains poorly understood due to limitations in existing benchmark datasets. This research introduces a new benchmark specifically designed to evaluate LLMs in realistic security code reviews.
How we helped make Lovable more secure
Klaudia Kloc, Dawid MoczadłoThis is an incredible story of how we chained five low severity issues into a universal account takeover in Lovable. Part of the hack was done by exploiting vulnerabilities in Google (Firebase) and part - in Lovable. It resulted in finding a way to implant the code that could take over any Lovable user account that visits an infected link. After we reported it, Lovable fixed the problem in a matter of hours, and VIDOC helped them secure their product and development cycle.