depthfirst labs

Applied AI and security research building a safer software future.

Backed by contributors from:

Mav Levin

November 24, 2025

Anatomy of an Automated Patch: Fixing a File Upload RCE CVE-2025-59304

The best security alerts are the ones that come with a fix. Our platform recently discovered and automatically generated a patch for a critical RCE in Swetrix Web Analytics. This post dissects the vulnerability (a classic Path Traversal), the exploit, and the code for the automated patch.‍

Mav Levin

October 19, 2025

Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419)

Our agents discovered the vulnerability, provided a risk assessment, and generated a patch autonomously. I shared the results with the Netty maintainers who assigned CVE-2025-59419 and merged our fix.

Mav Levin

October 20, 2025

How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study

Some of the most powerful and sensitive operations in a modern web application happen in the background: data migrations, report generation, internal maintenance. Because these processes run behind the scenes, their access controls are often overlooked.

Start finding critical vulnerabilities in minutes

Link your Github repo in three clicks.

Demo depthfirst now