My Flock Safety independent security research has reached the point where it felt necessary to compile it all into a formal white paper and statement. Moving forward, all vulnerabilities will be added first to this white paper during the responsible disclosure embargo.
Agent Ready Armor (ARA) Teaser
Agent Ready Armor (ARA) — a runtime substrate for AI agents. Containment for what agents do, provenance for what they produce. Built for the demands of offensive security, applicable to any agentic deployment. Second in the Ready Armor Suite, after BRA. Control in Depth.
Arctic Base
Arctic Base is a single place per project where your AI coding agent can drop approval forms, share files both ways, render markdown for review, drive a persistent task list, and wait for you to respond — without bloating your chat context or forcing you to copy-paste.
Releasing Battle Ready Armor Slim — AI as force-multiplier, not autopilot
The default in most "AI security" tools today is that the model runs the engagement. Battle Ready Armor takes the opposite position: the operator drives, the AI is advisory, and the framework holds the line mechanically, through approval tokens, scope checks, and on-disk anonymization that survive any model swap. Slim is the free tier, out today.
Qwen 3.6 via LMStudio + Openclaw Workaround
Wanted to test out Qwen 3.6 on my DGX Spark for Openclaw and ran into some issues. I'm sure it'll be fixed soon, but just in case, here's the workaround I found to get it working: https://gist.github.com/J-GainSec/abc563d2bc0063530711e4342edf7537 END TRANSMISSION
SectorMap Release
Random little tool I decided to release. A fun little Docker-deployable, offline archiver and viewer for links/data. Desktop and mobile friendly. Import/export DB or CSV. Multi-DB support. Management built in. Native iOS app in review as well. https://github.com/GainSec/SectorMap END TRANSMISSION
AutoProber – Automated PCB Probing for hardware hackers
AutoProber is the hardware hacker's flying probe automation stack for giving your agent everything it needs to go from "there's a new target on the plate" to probing individual pins.
Finding 67 Flock Safety Live PTZ Camera/LPR Feeds and Debug Web Interfaces accidentally exposed without authentication to the internet
How I took a security researcher's initial discovery and found another 63 instances of Flock Safety Camera Feeds and Debug Web Service exposed unauthenticated to the internet. Also learn how it ended up being exposed to the internet and how to ensure it doesn't happen to you.
Introducing LeakScope
An all-in-one Shodan & ZoomEye supported tool to search, browse, preview and dump data leakage across 20+ services. Pulls real exposure straight from the sources instead of guessing. Drop it into your workflow and watch it surface leaks you won't find anywhere else.
BirdEye
A TensorFlow Lite harness I threw together for some security research in regard to my long-running Bird Hunting Season project!