Pwno

Pwno is a AI cybersecurity startup founded by a high-schooler.
We take on the same problem Google Big Sleep does; the world's hardest cybersecurity problem: memory security. We find, patch big, scary memory bugs in world's most critical systems with AIs by scalable pipelines that reasons like us.

What we did:

We have found memory vulnerabilities in Chromium (Chrome by Google), Firefox (Mozilla), WebKit (Apple), Redis, PostgreSQL, DNG (Adobe) in a month.
We found and patched 6 memory vulnerabilities in FFmpeg in two days. The media decoder behind the internet, used by billions of people. (TikTok, YouTube)
We're R&D intensive; we spoke at Black Hat USA, OAIC. (Notably the presenter spoke as the youngest speaker in history for both conference)
You can see our open-source'd works at github, researches at research

We show people how good it is by
real-world bugs we found.
Here's the list

PROJECT	COMPONENT	ID	TYPE	DATE
FFmpeg	PWNO-0031	[REDACTED]	[REDACTED]	2026-01-16
V8	PWNO-0030	[REDACTED]	[REDACTED]	2026-01-14
FFmpeg	PWNO-0029	intra-object OOB write in ff_aac_usac_reset_state() (che->ch[ch])	OOB Write	2026-01-14
FFmpeg	PWNO-0028	[REDACTED]	OOB Read	2026-01-10
Linux	PWNO-0027	ublk partition_scan_work race UAF on device teardown↗	UAF	2026-01-08
V8	PWNO-0026	ARM64 MOPS memory.fill can write before OOB trap (scheduler treats kArm64Set as side‑effect‑free)	OOB Write	2026-01-07
FFmpeg	PWNO-0025	signed->unsigned skip regression in APP parser (jpeg)	Undefined Behavior	2026-01-06
Llama.cpp	PWNO-0023	[REDACTED]	[REDACTED]	2026-01-05
Postgres	PWNO-0022	OOB access in wakeupWaiters() chunking loop (WAIT FOR)↗	OOB Read	2026-01-05
V8	PWNO-0021	WasmFX: Turboshaft Suspend tag returns/params mismatch↗		2026-01-04
FFmpeg	PWNO-0020	Extra IFDs escaping via nested IFDs	OOB Write	2026-01-01
Redis	PWNO-0019	[REDACTED]	[REDACTED]	2025-12-30
Redis	PWNO-0018	[REDACTED]	[REDACTED]	2025-12-30
Redis	PWNO-0017	[REDACTED]	[REDACTED]	2025-12-30
Chromium	PWNO-0015	UAF read in WebDragDest::dropHitTestDidComplete invalid-drag-target path on macOS	UAF	2025-12-23
FFmpeg	PWNO-0014	Heap-buffer-overflow in EXIF writer for extra IFD tags↗	OOB Write	2025-12-21
DNG	PWNO-0013	[REDACTED]	Unitialized memory	2025-12-19
WebKit	PWNO-0012	[REDACTED]	[REDACTED]	2025-12-18
WebKit	PWNO-0011	[REDACTED]	[REDACTED]	2025-12-18
OpenSSL	PWNO-0010	OOB write in SHA3/KECCAK deserialization	OOB Write	2025-12-16
OpenSSL	PWNO-0009	OOB write via SHA-2 digest deserialization	OOB Write	2025-12-16
FFmpeg	PWNO-0008	Heap OOB write in libsvtjpegxs decoder, chunk mode↗	OOB Write	2025-12-14
FFmpeg	PWNO-0007	Heap OOB write in MPEG-TS JPEG‑XS PES parsing (libavformat/mpegts.c)↗	OOB Write	2025-12-14
Firefox	PWNO-0006	UAF in nsDocLoader::GetInterface during APZ repaint / scrolling↗	UAF	2025-12-13
FFmpeg	PWNO-0003	avformat/sierravmd: fix header read error check (tiny precedence bug)	Undefined Behavior	2025-12-11
FFmpeg	PWNO-0005	OOB read in Vulkan DPX hwaccel shader ↗	OOB Read	2025-12-11
FFmpeg	PWNO-0002	Crash in vf_noise SSE2 on misaligned frames ↗	Denial of Service	2025-12-08
FFmpeg	PWNO-0001	Stack overflow in drawvg parser on deeply nested scripts	Stack Overflow	2025-12-08