Cavexia Security Research.
Cavexia conducts independent security research focused on improving the security of modern software systems, AI platforms, and cloud infrastructure. Findings ship as public advisories, open-source tooling, and coordinated disclosures.
Where our research lives.
AI security
Prompt injection, tool poisoning, model exfiltration paths, agentic supply chains. We disclose vulnerabilities in AI infrastructure and publish tooling for defenders.
Application security
Server-side and client-side vulnerabilities in modern web stacks. Authorization boundaries, tenant isolation, session handling, injection classes.
Secure software engineering
How teams build software that stays secure as it scales. Threat modeling, secure defaults, signed builds, supply-chain integrity.
Cloud infrastructure
Misconfigurations and privilege paths across major clouds. IAM boundary analysis, network segmentation, secrets handling, control-plane hygiene.
Identity systems
OAuth, OIDC, SAML, and session-management weaknesses. Federation edge cases, refresh-token handling, cross-tenant impersonation vectors.
Responsible disclosure first.
When we find vulnerabilities in third-party systems, we contact maintainers privately and give them 30 days (90 for critical) before anything is public. Coordinated advisories flow into the public threat intelligence feed.
Reach the research team at security@cavexia.com. PGP key at /.well-known/security.txt.
Cavexia Security Research is a division of Cavexia AI, Inc., a software company founded by Logan Bryan (Loganbxdev). Sister division: Cavexia Software Products.