Research · A division of Cavexia AI, Inc.

Cavexia Security Research.

Cavexia conducts independent security research focused on improving the security of modern software systems, AI platforms, and cloud infrastructure. Findings ship as public advisories, open-source tooling, and coordinated disclosures.

Focus Areas

Where our research lives.

AI security

Prompt injection, tool poisoning, model exfiltration paths, agentic supply chains. We disclose vulnerabilities in AI infrastructure and publish tooling for defenders.

Application security

Server-side and client-side vulnerabilities in modern web stacks. Authorization boundaries, tenant isolation, session handling, injection classes.

Secure software engineering

How teams build software that stays secure as it scales. Threat modeling, secure defaults, signed builds, supply-chain integrity.

Cloud infrastructure

Misconfigurations and privilege paths across major clouds. IAM boundary analysis, network segmentation, secrets handling, control-plane hygiene.

Identity systems

OAuth, OIDC, SAML, and session-management weaknesses. Federation edge cases, refresh-token handling, cross-tenant impersonation vectors.

Disclosure

Responsible disclosure first.

When we find vulnerabilities in third-party systems, we contact maintainers privately and give them 30 days (90 for critical) before anything is public. Coordinated advisories flow into the public threat intelligence feed.

Reach the research team at security@cavexia.com. PGP key at /.well-known/security.txt.

About the parent company

Cavexia Security Research is a division of Cavexia AI, Inc., a software company founded by Logan Bryan (Loganbxdev). Sister division: Cavexia Software Products.