A vulnerability
scanner that
thinks.

Athena reads your entire repository for hours and reasons about it from first principles — finding the vulnerabilities that live beyond pattern matching.

A run, unredacted. The system argues with itself — and shows its working.

Hypotheses under examination scan · 0x4f2c
Finding — surviving cross-examination confirmed · 03:42
Confirmed

Authentication bypass on account deletion

services/auth/verify.py · lines 184–207 · severity high
Reasoning The delete handler short-circuits verification when token.kind == "admin", trusting the claim before verify_signature() runs. Any signed-looking blob with that claim passes. Repro POST /v1/accounts/{id}/delete with a forged token of kind admin — see repro script in the report.
Critique log — “Refutation attempted four ways: mTLS, WAF rule, pre-handler middleware, version history. None are invoked on the delete path. Fault confirmed.”
Confirmed

Cross-tenant invoice access via warm cache

services/billing/invoices.py · lines 42–71 · severity high
Reasoning Invoice lookup checks ownership only on the DB path. Cache hits skip the check entirely — a warmed cache exposes any invoice by incrementing the id. Repro Request /invoices/{your-id} to warm the cache, then /invoices/{neighbor-id}. The second call returns without an ownership assertion.
Critique log — “Considered: signed URL, tenant-scoped cache key, gateway ACL. The cache key is plain (id) and the ACL lives below the cache. Exploit holds.”
Refuted

SSRF via unrestricted URL fetch — not exploitable

services/preview/fetch.py · lines 88–130 · verdict refuted
Hypothesis The preview endpoint appeared to accept arbitrary URLs and forward them server-side, suggesting SSRF into the internal metadata service. Why it fails Outbound requests route through an egress proxy that blocks RFC1918, 169.254.*, and the metadata IP before the socket opens. The check runs before DNS resolution, so rebinding is closed too.
Critique log — “Four vectors: direct IP, hostname to internal, DNS rebinding, redirect chain. Egress proxy rejects all at L4. No exploit.”
Confirmed

Privilege escalation via mass-assignment on member update

services/workspace/members.py · lines 204–238 · severity critical
Reasoning The member-update handler spreads the request body into the model without a field allowlist. The role field is writable even though the UI never exposes it — any member can PATCH themselves to owner. Repro As a regular member, PATCH your own membership with {"role":"owner"}. The server returns 200 and the role is persisted.
Critique log — “Looked for: middleware scrubbing, serializer allowlist, audit-log trigger. None reject the role write. Confirmed on staging replica.”
Refuted

Second-order XSS via markdown cache — not exploitable

services/render/markdown.py · lines 156–190 · verdict refuted
Hypothesis The cache appeared to store raw rendered HTML and sanitize on read, which would let a poisoned entry serve unsanitized markup to the next reader. Why it fails Read tracing shows the sanitizer runs before the cache write, not after the read. Every cached value is already scrubbed; poisoning is not reachable from any write path.
Critique log — “Traced every writer into the cache. All paths pass through sanitize(). Hypothesis falsified.”

Athena has already found critical vulnerabilities in the code running half the internet.

  • Redisin-memory store
  • libuvasync I/O runtime
  • ffmpegmedia pipeline
  • Reactui framework
  • Next.jsapp framework

Reasoning generalizes. Rexion engineers harnesses that extract maximum performance from raw model reasoning while staying agnostic to language, framework, or stack. The model is a commodity — the harness is the moat.

What a good auditor does — at a scale that doesn't sleep.

01

Read the whole repository.

Every module, call graph, control-flow path, and piece of business logic — reconstructed as a working model of behavior.

02

Form hypotheses.

For each component, Athena reasons about what it should do and what it might do wrong, building an understanding deeper than the author's.

03

Argue against itself.

A separate critique agent demands evidence, builds counter-examples, reads the tests the first agent skipped. Anything that cannot withstand cross-examination is dropped — that is how the false-positive rate stays near zero.

04

PoC || GTFO.

Every finding is reported with a working reproduction — or it isn't reported at all.

The scanner and the scholar.

22% of merged code is now AI-authored. Daily AI users ship 60% more PRs. Pattern matchers were already behind — now they're drowning.

Legacy SAST

Matches shapes it has already seen.

  • Rule-based pattern matching against known CWEs
  • Blind to business-logic flaws — the cause of most real breaches
  • Ships a noisy queue; triage becomes your second job
  • Gets relatively worse as the model frontier advances
Athena

Reads the code and reasons about what it does.

  • Builds a model of behavior, then asks how that behavior fails
  • Catches bug classes no rulebook has named yet
  • Refutes its own findings — near-zero false-positive rate
  • Gets stronger with every frontier-model release

Run Athena on your codebase.

Point Athena at a repository and receive, within a day, a short report of every fault that survives internal critique — with reasoning and a working reproduction. Access is limited while we scale.