Post-mortems · deep dives
Case studies
Long-form analyses of high-severity findings. Each case study includes the original evidence bundle, per-provider reasoning, and reproducibility instructions.
- highsecurityJune 2026
n8n-workflows CVE-2025-55526 — api_server.py path traversal
Neutral-label scan — Opus and GPT-5 both caught the path traversal and graded it at the right severity.
read case study → - criticalmethodologyJune 2026
Zcash Orchard counterfeiting bug
Re-ran our gate against the 2021 introducing commit. Generalist surfaced adjacent soundness; a 50-line halo2 wrapper got GPT-5 to the exact fix mechanism — blind. Honest receipt of where the gate works and where it doesn't.
read case study → - highsecurityMarch 2026
OpenClaw CVE-2026-31998 — synology-chat auth bypass
HIGH CVE on the fastest-growing OSS project in GitHub history — GPT-5 named the exact vulnerability; unanimous gate fired
read case study → - highsecurityFebruary 2026
Moonwell MIP-X43 oracle bug
1ドル.78M incident — AntFleet caught a sibling of the exploited cbETH config in the same PR
read case study →
More case studies will be added as findings mature into full post-mortems.