We find bugs that slip past scanners and audits.
Teatime Lab is a security research group. We build an AI agent for automated vulnerability discovery across binary analysis, penetration testing, and blockchain systems.
Our agent has uncovered security issues in the Linux kernel, Chrome V8, and core internet infrastructure.
What we do
ServicesAI Agent Code Audits
SaaSOur proprietary AI Agent reasons over source and binaries to surface memory-safety, logic, and access-control flaws at the scale of a whole codebase — in hours, not months.
Binary Security
ManualReverse engineering, exploit development, and low-level review of kernels, hypervisors, firmware, and closed-source components.
Penetration Testing
ManualApplication, network, and infrastructure pentesting led by researchers who have shipped real-world exploits.
Blockchain Security
ManualSmart-contract audits, protocol-level review, and bridge / node client assessments across EVM and non-EVM ecosystems.
Vulnerability findings
ResearchA selection of vulnerabilities discovered by our AI Agent and research team. CVE identifiers will be published here once coordinated disclosure with upstream vendors is complete.
| Project | Description | Type | ID |
|---|---|---|---|
| maddy (foxcpp/maddy) | LDAP filter injection via unsanitized username in auth.ldap enables identity spoofing, directory enumeration, and blind attribute extraction over SMTP/IMAP authentication | LDAP Injection | CVE-2026-40193 |
| Linux kernel | epoll: Use-after-free during concurrent epoll_wait and close leads to privilege escalation via arbitrary kernel read/write | Use-After-Free | Pending |
| Linux kernel | [REDACTED]: Out-of-bounds read in protocol header parsing, present since [REDACTED], leads to kernel heap information disclosure | Out of Bounds | Pending |
| Linux kernel | [REDACTED]: Use-after-free due to refcount imbalance leads to privilege escalation | Use-After-Free | Pending |
| Linux kernel | [REDACTED]: Use before initialization of stack variable leads to arbitrary write primitive | Use Before Initialization | Pending |
| Linux kernel | [REDACTED]: Double free leads to privilege escalation via page reuse primitive | Double Free | Pending |
Descriptions marked [REDACTED] are embargoed pending vendor coordination.
Work with us
Reach out for engagement inquiries, AI Agent access, or coordinated vulnerability disclosure. We respond within two business days.
Featured
-
CVE-2026-40193: LDAP filter injection in maddy
A deep dive into the unsanitized-username LDAP injection we reported in foxcpp/maddy — including the two-path timing side-channel that turns every SMTP AUTH response into an oracle.