Drost Research
Receipts, not hunches.
Vulnerability research from Drost. Every finding is proof-gated — a sanitizer-confirmed crash or a proof from the real runtime. Honest when a bug is known, quiet when a theory is unproven, loud only when there is a receipt.
BenchmarkJune 17, 2026·12 min read
DrostBench v1: a 100-challenge offensive-security benchmark
Three frontier models as backends for the Drost Attack Agent, scored on end-to-end objective capture across 100 web-application security challenges.
Read the note
Drost ResearchJune 12, 2026·8 min read
Drost rediscovered nginx-poolslip and proved it with ASAN
Validating AI vulnerability research with a sanitizer-confirmed crash
Read the note
Technical NoteMay 11, 2026·28 min read
Cyber agency is stack-level, not model-level
From cyber-capable models to scoped, verified autonomous security outcomes
Read the note