Securin Zero Days
    R0/Offensive research at AI scale.

    Zero-day discovery. Human-directed.

    A model can suggest where a vulnerability might be. Securin proves it, exploits it, reproduces it, and fixes it — under CNA and GNA authority.

    Latest medium disclosure
    CVE-2024-47097 · Follett School Solutions
    Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager
    Severity: Medium · 5.1
    Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
    Disclosed: May 28, 2026
    Status: ✓ Fixed
    R1/PROGRAM INTELLIGENCE · ADVISORY INDEX

    The full record.

    65 advisories published · indexed since 2015
    Pipeline
    280 · Discovered · By Securin researchers
    280 · Disclosed · To upstream maintainers
    157 · Triaged · Acknowledged by maintainer
    65 · Resolved · CVE assigned, patch shipped
    108 · Maintainer review · No acknowledgement yet
    15 · Rejected · Out-of-scope or duplicate
    Triage integrity

    AI surfaces candidates at scale. Every candidate is reproduced by a practitioner before it counts as a finding — false positives, theoretical issues, and duplicates are discarded at this gate.

    318 · AI-surfaced candidates · Pre-triage, machine output
    292 · Manually reviewed · By Securin practitioners
    90.4% · True-positive rate · 264 confirmed of 292 reviewed

    The true-positive rate counts findings a practitioner confirmed as a real vulnerability — including bugs later found to be already-reported or marked won’t-fix by a maintainer. It is one proxy for signal quality; shipped patches, further down, are the more reliable measure of impact.

    Advisory index — every finding, searchable.

    Published entries link to the NVD database via CVE ID, or to our internal advisory via the Securin reference. Embargoed entries show a redacted summary; full detail publishes when the coordination window closes.

    SEC ZD · CVE | Vendor · Product | Vulnerability | CVSS | Status | Artifacts
    sec-zd-10 | Follett School Solutions · Destiny Library Manager | Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager (Securin Zero-Days, May 28, 2026) | 5.1 Medium | Fixed | —
    sec-zd-09 | Follett School Solutions · Destiny Library Manager | Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager (Securin Zero-Days, May 28, 2026) | 5.1 Medium | Fixed | ▲ PoC
    sec-zd-05 | D-Link Corporation / Alpha Networks Inc. (ODM) · D-Link DIR-456U Hardware Revision A1 (End-of-Life) | Hardcoded Telnet Backdoor in D-Link DIR-456U A1 (End-of-Life) (Securin Zero-Days, Apr 21, 2026) | 9.8 Critical | Fixed | ▲ PoC
    sec-zd-04 | D-Link Corporation / Alpha Networks Inc. (ODM) · D-Link DIR-600L Hardware Revision A1 (End-of-Life) | Hardcoded Telnet Backdoor in D-Link DIR-600L A1 (End-of-Life) (Securin Zero-Days, Apr 21, 2026) | 8.8 High | Fixed | —
    sec-zd-03 | D-Link Corporation / Alpha Networks Inc. (ODM) · D-Link DIR-600L Hardware Revision B1 (End-of-Life) | Hardcoded Telnet Backdoor in D-Link DIR-600L B1 (End-of-Life) (Securin Zero-Days, Apr 21, 2026) | 8.8 High | Fixed | ▲ PoC
    sec-zd-02 | D-Link Corporation / Alpha Networks Inc. (ODM) · D-Link DIR-605L Hardware Revision B2 (End-of-Life) | Hardcoded Telnet Backdoor in D-Link DIR-605L B2 (End-of-Life) (Securin Zero-Days, Apr 21, 2026) | 8.8 High | Fixed | —
    Showing 1–6 of 65
    …
    Securin ID | Vendor | Product | CVSS est. | Severity
    sec-zd-104 | Apache | Apache Airflow FAB provider | 7.5 | High
    sec-zd-103 | Apache | Apache Mina | 9.8 | Critical
    sec-zd-102 | Apache | Apache Mina | 9.8 | Critical
    sec-zd-101 | Apache | Apache Camel | 6.3 | Medium
    sec-zd-100 | Apache | Apache Camel | 8.1 | High
    sec-zd-99 | Apache | Apache Camel | 7.5 | High
    Showing 1–6 of 39
    …
    Counts as of June 2026 · 90-day coordinated disclosure window
    R2/THE DISCOVERY PROCESS

    From target to verified exploit.

    AI accelerates coverage. Every output is validated by a practitioner before it counts.

    01 Scope & Target

    Intelligence-led targeting

    Rules of engagement established upfront. Vulnerability intelligence focuses effort on targets that matter.

    Defined scope, no hallucinated targets
    02 Discover

    AI-augmented recon & analysis

    Frontier models map the attack surface at scale. Human expertise directs them to the code paths that matter.

    Scale of AI, precision of expertise
    03 Validate

    Human-verified exploit chains

    Every output is triaged against practitioner tradecraft — discarding false positives, theoretical issues, and hallucinated findings. What remains is forged into working exploits and exploit chains, powered by CWE research intelligence.

    No PoC, no finding
    04 Coordinate & Deliver

    90-day disclosure, full advisory

    Vendor receives the report and exploit under a 90-day embargo. We coordinate the patch and publish the full advisory under CNA and GNA authority.

    Citable, signed, indexed
    CNA · GNA: CVE & GCVE Numbering Authority (CISA-sponsored CNA · EU GCVE GNA)
    ISO: Disclosure Process (ISO/IEC 29147 & 30111 aligned)
    KEV: CISA KEV Contributor (Active exploitation reporting)
    Vulnerability Intelligence (VI Platform · 240k+ CVEs tracked)
    R3/HOW OFTEN THE MODEL IS RIGHT

    AI proposes. A practitioner decides.

    We record the model’s severity assessment before any human or vendor sees it, then compare it against the severity a practitioner confirms during triage. The gap is the value we add.

    Rows: AI-assessed severity ↓ · Columns: practitioner-validated severity →
    AI-assessed | Critical | High | Medium | Low
    Critical | 47 | 31 | 4 | 2
    High | 3 | 58 | 9 | 1
    Medium | 0 | 6 | 41 | 3
    Low | 0 | 0 | 2 | 19
    73.0% · Exact agreement · Model band matched the validated band
    96.9% · Within one band · Off by at most one severity level
    226 · Findings compared · Completed practitioner triage

    The model’s assessments are produced with no project context. A maintainer may rate the same bug differently under a project-specific threat model — which is exactly why a human sits between the model and the report. Cells on the diagonal are exact agreement; the brightest cells should run corner to corner.

    R4/WHO IT BENEFITS

    The same work. Four ways in.

    Security leader · CISO

    Verified intelligence on software your organisation runs

    Define the target stack. We deliver a validated exploit, coordinated patch, and signed advisory — before public disclosure.

    Analyst · Journalist

    A citable, public record of coordinated research

    CVSS data, vendor, vulnerability class, disclosure timeline — all indexed and available for your reporting.

    Independent researcher

    Found something? We handle the hard part.

    Bring your finding. We handle CVE assignment, vendor coordination, and publication. You retain full authorship and credit.

    Security practitioner

    Root-cause analysis, exploit chains, CWE, CVSS scoring, remediation diffs — indexed and searchable per advisory.

    R5/HOW IT FITS THE SECURIN PLATFORM

    Zero-day discovery doesn’t run in isolation.

    Three capabilities, one pipeline.

    ZD

    Zero-Day Discovery

    Frontier models directed by practitioner expertise. Human accountability at every stage.

    CVE assignment · Working exploits · CNA & GNA-signed advisories
    APT

    Automated Penetration Testing

    Scales reconnaissance across large attack surfaces. Surfaces candidates for AI analysis — widening what the discovery program can reach.

    Attack surface coverage · Candidate surfacing · Real-condition validation
    VI

    Vulnerability Intelligence

    240,000+ CVEs tracked. Prioritises targets by real-world exploitability and sharpens remediation with risk-based context.

    Exploitability context · KEV correlation · Risk prioritisation

    Automated pentesting widens coverage. Vulnerability intelligence focuses effort. AI workflows accelerate discovery. Human experts validate and weaponise.

    R6/WORK WITH THE PROGRAM

    Ready to engage.

    One starting point, wherever you sit.

    Secure intake: disclose@securin.io
    CNA & GNA Program: Authorized by CISA, MITRE & EU GCVE
    Response SLA: 90-day coordinated disclosure

    Securin's zero-day research operation combines frontier AI models with a decade of offensive expertise — discovering, validating, and coordinating the disclosure of high-impact vulnerabilities at a scale and speed no human team achieves alone.

    © 2026 Securin Inc · CVE Numbering Authority