What we have worked on since the studio opened in May 2026. Some details are withheld while reports are in triage; what you see here is the honest current status, nothing inflated.
Status: GHSA private advisory submitted · in triage · CVE pending
A division-by-zero reachable through a crafted model file. Reported privately to the maintainers through GitHub's advisory process. Details will be published after the fix ships or the disclosure window closes.
Status: submitted to huntr · awaiting review
A heap out-of-bounds read reachable from a 232-byte crafted file, verified against a real build with sanitizers. Report identifiers are available to maintainers and triagers on request.
Status: published
Defensive research on data exfiltration over near-ultrasonic audio, with detection rules you can deploy. Published openly: github.com/aidanhearth/threat-research
Status: report drafted · details withheld pending submission and triage
An authorized finding on a HackerOne program. Out of respect for the program's rules, nothing further until triage completes.
Last reviewed: 2026-06-07