Security Research

Vulnerability Research & Disclosures

Original security research from the SableOffensive team. We find vulnerabilities in AI infrastructure and modern web applications so you can build safer products.

HIGH 9.2

6 Startups Scanned, 47 Vulnerabilities Found

Real Pentest Results — No Brand Names, Just Stacks and Findings

We performed free security assessments for 6 real startups across different industries. We found 47 vulnerabilities — including a fully compromised server, SSRF via known CVEs, exposed Discord webhooks, and leaked API keys. Every single startup had at least one high-severity issue.

Key figures: 6 startups scanned · 47 vulnerabilities · 100% had High+ issues
Tags: Pentest · Startups · OWASP · Real Data
CRITICAL 9.8

CVE-2026-22778: vLLM Remote Code Execution

Send a Video, Get a Shell

Critical vulnerability in vLLM (versions 0.8.3 through 0.14.0) enables Remote Code Execution via malicious video input. Over 175,000 servers exposed across 130 countries with no authentication required.

Key figures: 175K+ servers exposed · CVSS score 9.8 · 130 countries
Tags: CVE · RCE · AI/ML · Critical
CRITICAL 9.8

OpenClaw Security Research: 900+ Exposed Instances

Same Vulnerabilities, New Name

Comprehensive security audit of OpenClaw (formerly Moltbot/Clawdbot) reveals 900+ exposed instances, 8 critical vulnerabilities including authentication bypass (CVE-2025-49596), and 181 leaked secrets across the ecosystem.

Key figures: 900+ instances exposed · 8 critical vulnerabilities · 181 secrets leaked
Tags: CVE · Auth Bypass · AI Agents · Critical
HIGH 8.8

1,673 AI Gateways Exposed: Moltbot Research

The Original Discovery

Our initial research uncovered 1,673 exposed Moltbot/Clawdbot servers via Shodan. Over 1,000 instances lacked authentication entirely, exposing 55 RPC methods including arbitrary shell command execution.

Key figures: 1,673 servers found · 1,000+ without auth · 3 CVEs found
Tags: Shodan · RPC · AI Gateways · High

Concerned About Your Security?

The vulnerabilities we find in the wild exist in startups too. Get your application scanned before someone else finds the flaws.

Get a Security Scan