The UnboundCompute blog
How web apps and APIs really break.
Clear, honest writing on web and API security. The common bugs, the ones automated scanners miss, and how a real finding is actually proven. Written for everyone from beginners to security teams.
What we write about
Vulnerability Basics
Plain explanations of how software actually breaks.
Access Control
Broken access control, IDOR, and who can do what.
Injection and Input
XSS, SQL injection, and untrusted input.
Scanners vs Research
Why scanners miss the bugs that matter.
Attack Teardowns
Step-by-step walkthroughs of real bug classes.
Latest writing
-

Why we only report proven vulnerabilities
We use vulnerability verification to prove a bug is real and exploitable before we report it, so your team gets signal, not a queue full of maybes.
-

How UnboundCompute differs from a vulnerability scanner
An AI vulnerability scanner floods you with maybes. See how an autonomous researcher reasons about your app, proves a finding, and reports only signal.
-

How UnboundCompute works, from understanding an app to proving a bug
See how UnboundCompute does AI penetration testing: understand an app, test an assumption, run an experiment, and prove a real bug with hard evidence.
-

Why we are building UnboundCompute
Most automated security testing checks known bugs and misses access control and logic flaws. Here is our bet on a researcher that proves what it finds.
-

Meet UnboundCompute, an autonomous security researcher for web apps and APIs
Meet UnboundCompute, an autonomous security researcher that brings autonomous penetration testing to web apps and APIs by testing assumptions, not lists.
-

Teardown: chaining small bugs into a real breach
An exploit chaining teardown: see how three low-severity bugs in an invented app combine into one account takeover, and how to verify and stop each link.