SK · v0.1 — 2026

Adversarial testing for modern software and the models behind it.

We break web apps, APIs, and AI systems — before the bad guys do. Quietly, and with receipts.

Book an assessment Our services
Vulnerabilities reported to

Two disciplines.
One adversarial mindset.

/ Services — 01 / 02
01 — APPSEC

Web & API security testing

Deep-context assessments of production web platforms and APIs. We find what scanners miss.

  • Authn / authz & tenant isolation
  • Business-logic abuse
  • SSRF, IDOR, deserialization chains
02 — AI / LLM

AI & LLM security testing

Red-teaming for production agents, RAG pipelines, and model-backed features — the way attackers do it.

  • Prompt injection & jailbreaks
  • Agent & tool-use exploitation
  • RAG / context poisoning

Small team.
Senior practitioners only.

/ Team — 01 / 01

Vitor Falcão

Founder · @busfactor

Bug bounty hunter and vulnerability researcher focused on web, cloud, and AI. Founder of Sekkai Labs.

2026 Google bugSWAT LHE 2nd place
2025 Google bugSWAT LHE 2nd place
2025 Google VRP Best AI researcher

Start an engagement.

/ Contact — 01