ABOUT solo · independent · AI-coded SaaS only

What this site is,
and why it only does one thing.

Vulnerability research and paid security audits for AI-generated SaaS. Writeups are the public work; audits are how the public work gets paid for.

Thesis

Why this niche works

LLMs make the same security mistakes over and over because they sample from a shared training distribution. The bugs are fingerprintable, not creative: the same OAuth state forgery, the same RLS quota bypass, the same SSE tool-call injection, on different apps, in the same week. Hunt them systematically across many targets, not creatively on one.

Most founders who ship fast with LLMs are aware of this on some level, but don't have the time or background to test for it. Most security firms are scoped for enterprises and price accordingly. There's a gap. This site lives in the gap.
Structure

Two things live here

Writeups
Vulnerability research, published after coordinated disclosure or a 7-day non-response window. Free to read. Index →
Audits
Hand-driven security reviews for indie founders shipping AI-coded SaaS. One week, fixed price, full report. Offer →

Contact

Email me.

For audits, send your URL with one sentence on what your app does. For security disclosures, prefix the subject with [Security disclosure] and I'll triage faster.

[email protected]