The UnboundCompute blog
Writing on web security
-

Why we only report proven vulnerabilities
We use vulnerability verification to prove a bug is real and exploitable before we report it, so your team gets signal, not…
-

How UnboundCompute differs from a vulnerability scanner
An AI vulnerability scanner floods you with maybes. See how an autonomous researcher reasons about your app, proves a finding, and reports…
-

How UnboundCompute works, from understanding an app to proving a bug
See how UnboundCompute does AI penetration testing: understand an app, test an assumption, run an experiment, and prove a real bug with…
-

Why we are building UnboundCompute
Most automated security testing checks known bugs and misses access control and logic flaws. Here is our bet on a researcher that…
-

Meet UnboundCompute, an autonomous security researcher for web apps and APIs
Meet UnboundCompute, an autonomous security researcher that brings autonomous penetration testing to web apps and APIs by testing assumptions, not lists.
-

Teardown: chaining small bugs into a real breach
An exploit-chaining teardown: see how three low-severity bugs in an invented app combine into one account takeover, and how to…
-

Teardown: how an IDOR quietly exposes another user’s data
A step-by-step IDOR example using an invented app. Map the app, change one ID, read another user’s note, then learn…
-

How do hackers find vulnerabilities?
How do hackers find vulnerabilities? They map an app, learn its rules, guess where assumptions break, test access and inputs, then prove…
-

What is command injection? Examples explained
Command injection lets attacker input run server commands. See a clear ping tool example, real impact, and how to fix it with…
-

What is web application security?
Web application security explained for beginners: what it is, why it matters, the main risk areas like input, access control, and logic,…