Proud to share that @doyensec was trusted by Anthropic as one of the security partners validating #Mythos findings as part of Project #Glasswing!

Contact us today to see how our research-driven approach shapes the future of #appsec!

https://www.anthropic.com/research/glasswing-initial-update

#doyensec #security #ai #claude #claudecode #claudemythos #anthropic

Project Glasswing: An initial update

An early update on what we've learned from Project Glasswing.

New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

We’re also releasing ELBaph — a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

https://blog.doyensec.com/2026/05/25/cloudsectidbits-elbaph-alb.html

#AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch

After uncovering memory bugs in NASA’s CFITSIO, we looked at turning its *documented* features into attack primitives.

Check out the blog post for details & a newly released Docker playground to reproduce the demos locally.

#AppSec #doyensec #security

https://blog.doyensec.com/2026/05/19/cfitsio-weaponized-filenames.html

While we're happy for our prize and that our exploit targeting OpenAI's Codex in the Coding Agent category was successful at #PWN2OWN, this was a collision💥 as the bug was previously known to the vendor. Back to the research! #P2OBerlin

#doyensec #appsec #security #ai #openai

If you're attending #PWN2OWN, be sure to watch Doyensec's Leonardo Giovannini demonstrate his #OpenAI Codex 0day exploit live Thursday, May 14 at 15:30.

If you can't make it in person, keep an eye on https://blog.doyensec.com/ for more great #ai security research like this - coming very soon!

See the PWN2OWN schedule here: https://www.zerodayinitiative.com/blog/2026/5/13/pwn2own-berlin-2026-the-full-schedule

#appsec #doyensec #ai #0day #exploit

Proud to share that #Doyensec has 3 unpatched 0day submissions for this year's #PWN2OWN - one for each #AI Coding Agent category target & our OpenAI Codex exploit was selected for the competition! The other vulnerabilities have been reported to the other vendors.

#security

Read how #Doyensec went beyond the basic #AI & web testing to reshape how our client thinks about risks and how we enabled them to evaluate a previously unknown attack surface. It’s amazing when our passion for #appsec has such a big impact!

#security

https://www.unit21.ai/blog/risk-decisions-in-the-era-of-ai-what-happens-when-the-subject-fights-back

Risk Decisions in the Era of AI: What Happens When the Subject Fights Back? - Blog | Unit21

🚨 Use the Outline wiki? Ensure you have updated to the latest version.

The latest coordinated disclosure from our Leonardo Giovannini helped to resolve a stored XSS in the project. Check out the details here: https://github.com/outline/outline/security/advisories/GHSA-rqrg-f3qc-xvgh#advisory-comment-200379

#doyensec #appsec #security

A great day 1 at DEVWorld Amsterdam is in the books! If you're attending on Friday, stop by our booth and let's talk about how Doyensec can help your team Build With Security!

#doyensec #appsec #security #devworld #devworldconference

If you're attending, check our Adrian Denkiewicz ([email protected])'s talk - When Filenames Become Attack Surfaces: Weaponizing NASA’s CFITSIO Extended Filename Syntax, at BSides Luxembourg 🇱🇺, Thurs at 14:45!

https://pretalx.com/bsidesluxembourg-2026/talk/WDFHHV/

#doyensec #appsec #security #bsides #bsidesluxembourg2026 #bsidesluxembourg