about

Causal Security is an AI security research firm.

We build advanced systems for deep, context-aware security assessment across the stack, reasoning about real exploitable risk at the rate modern software is written.

Built by researchers and operators who have shipped, attacked, and defended real systems.

the approach

Scattered knowledge becomes one security brain.

Fragments from your tools, tickets, code, and prior findings connect into a model that reasons across the whole stack, not one diff at a time.

apisvc·paydb iam webhook s3·feed cron vault pass 01 · building the model from zero pass 01 the model · kept current tickets PRs slack configs diagrams prior findings web api service cloud data

our first flagship product

Cipher: an AI security engineer.

Design review Threat modeling Code understanding Live validation

Cipher combines design review, threat modeling, code understanding, and live validation to find real, exploitable risk. It understands how your systems are built, how they are exposed, what controls exist, what failed before, and where attackers can chain weaknesses next.

Detection is only the start. It ranks by exploitability, maps blast radius, identifies root cause, finds variants, and gives remediation teams enough context to fix confidently.

Read the full thesis →
Built by operators & AI researchers

As attackers, defenders, and AI researchers, we know what matters, what's noise, and how to prove it.

i
Led security at
AWS
Coinbase
ii
Top researcher at
Cobalt
Independent pentest research.
iii
Senior AI researchers at
LinkedIn SentinelOne
Applied ML at scale & AI-driven threat detection.
iv
Disclosed at 100+ high-value targets
Apple
Google
Microsoft
PayPal
United Airlines
Yahoo
Bitfinex
Mbed TLS
Netherlands
Among the internet's most-attacked surfaces.

where this goes

One brain. Every surface.

Cipher is the first product, not the last. We're extending the same reasoning to the surfaces modern systems actually run on, and to the industries that depend on them. The surfaces in scope:

See all use cases →
The ask

One repo. One target. One unattended review. Exploitable findings.

No slides, no sales pitch. You talk to a researcher who does this work. Point us at a system you own, even your hardest environment, and we hand back validated, exploitable findings, each one proven. If there's nothing worth your time, you'll know that too. Either way, you know where you stand.