winfunc has autonomously found security vulnerabilities in some of the biggest companies
Get started in 3 simple steps.
Connect Codebase
Link your GitHub repositories securely. We map your architecture instantly.
Autonomous Audit
Receive a deep-dive security audit with PoCs for every vulnerability found.
Continuous Protection
Automated patches via PRs. We scan every commit to keep you zero-day safe.
Latest from the lab.
Hacking the old HackerNews codebase
Auditing the old HackerNews codebase for security vulnerabilities with LLMs on a specialized harness.
What an automated vulnerability research system actually found
Thirteen patched bugs across nine projects, including Node.js, React, NGINX, Mattermost, Supabase, Bun, Gumroad, Anthropic's MCP SDK, and Better-Auth. What the system got right, where it still falls over, and why executable PoCs matter more than model reasoning.
How Asterisk Works
A repost of the original Asterisk architecture: how an AI security agent indexed code, generated attack ideas, verified vulnerabilities, and produced patches with low-noise reports.