// Research
Proof of capability.
Vulnerability write-ups, benchmarks, and responsible disclosures from the Rift team. For an AI pentester, published research is the only honest proof the agents find real bugs in real software.
// Latest
Write-ups & disclosures
Disclosure · 8 min read
How an agent chained an SSRF into cloud-metadata creds
A walk through the reasoning chain, the exploit, and the responsible-disclosure timeline.
Read →
Benchmark · 12 min read
Rift on public web-exploitation benchmarks
Methodology and results for how our agents perform against open, reproducible test suites.
Read →
Engineering · 6 min read
Separating explore from verify to kill false positives
Why the agent that finds a bug shouldn't be the one that decides it's real.
Read →
Disclosures · Benchmarks · Engineering · Agent capability · AppSec · Threat research
// Disclosure index
Credited to Rift agents
CVE-2026-••••
Authentication bypass in a popular self-hosted dashboard — patched, write-up linked.
CVE-2026-••••
Server-side request forgery in an open-source API gateway.
CVE-2025-••••
Insecure deserialization leading to RCE in a CI plugin.
Coordinated
Several vendor disclosures under embargo — listed on publication.
Placeholder entries — the live index links each CVE to its full write-up.
// Stay in the loop
Get new research in your inbox
Disclosures, benchmarks, and engineering notes. Roughly biweekly, no fluff.
Read what the agents found.
New write-ups and disclosures, roughly biweekly. No marketing — just security.