securityinvestigations.org / Mission & Vision

Why We Do This

The AI supply chain has real problems. We're building the infrastructure to find them before the bad actors do.

The Problem Space

Look, we've been doing security for a minute. Traditional AppSec, pentesting, the whole thing. But when foundation models started shipping in production? The threat landscape changed fundamentally.

Your standard web vuln scanner ain't gonna catch prompt injection. SAST tools don't know what to do with a system prompt. And most red teams? They're still thinking in terms of network perimeters when the actual attack surface is a chat box.

We saw the gap. Now we're filling it.

What We Actually Do

Aggregate

We pull vulnerability data from everywhere — disclosed jailbreaks, CTF writeups, academic papers, bug bounty findings. Then we normalize it. If someone found a way to bypass GPT-4's guardrails last week, you'll know about it here.

Track

The Jailbreak Leaderboard tracks which models are currently susceptible to what. Updated daily. Methodology is transparent — check the scoring rubric if you wanna verify.

Connect

We aggregate AI-specific bug bounty programs so researchers can find where to submit. Getting paid for your findings shouldn't require knowing somebody who knows somebody.

Educate

The OWASP LLM Top 10 is our reference implementation. Real examples, real mitigations. No theoretical bs — just what's actually happening in the wild.

Scope of Coverage

We focus on the stuff that actually matters for deployed AI systems:

  • Prompt Injection — direct and indirect. The most common attack vector by far.
  • Jailbreaks — getting models to ignore their safety training. DAN, hypnotism, the whole catalog.
  • Model Theft — extraction attacks, weight stealing, distillation without consent.
  • Training Data Poisoning — backdoors inserted during fine-tuning.
  • Insecure Output Handling — when LLM output gets executed without sanitization.

Our Principles

Responsible Disclosure, Always

We don't publish zero-days. Vendors get notice. Timeline depends on severity, but we're not trying to burn anybody — we're trying to make systems safer.

Open Data Where Possible

Aggregated findings, scoring methodologies, evaluation frameworks — it's all public. The only things we hold back are specific exploit details during disclosure windows.

No Vendor Capture

We don't take money from the labs we evaluate. Period. Our bounty aggregator lists all programs — we're not promoting any particular vendor.

Researcher-First

If you find something and submit it through us, you keep the credit. Your name goes on the finding. We're infrastructure, not competition.

Brief History

Started in early 2023 when a bunch of us from different infosec backgrounds kept running into the same problem: nobody was tracking AI vulns systematically. The incident databases didn't have categories for it. The CVE system didn't know what to do with "model says harmful things if you ask in French."

So we started a spreadsheet. Then the spreadsheet became a database. The database became this site. The contributors are security researchers, ML engineers, and policy folks who got tired of watching the same vulns get rediscovered over and over.

We're not a company. We're not VC-backed. We're just people who think this work needs to exist.

Want to Contribute?

We're always looking for researchers to submit findings, help maintain the leaderboard, or contribute to the OWASP documentation. Everything goes through peer review.