Argo · real-world validation
Bugs found by reading the code, disclosed in the open.
Every vulnerability below was surfaced by Argo, an LLM-native static auditor, then hand-verified and reported upstream — as a public pull request or a published security advisory. Follow any link to the fix or advisory itself.
0
Projects
0
Public PRs
0
Already merged
0
Languages
Scope
Only findings that are already publicly disclosed are listed, each linking to its upstream pull request or published security advisory. Findings still under coordinated (private) disclosure are omitted until they go public.
Status
Recent access restrictions on the strongest security-capable models have made automated vulnerability detection harder for the moment, so new disclosures are paced down until the project resumes at full speed in September 2026.
Disclosures
merged fixes first · then open reviewContribute & support
open to reports, PRs, and sponsorsContribute
Found a false positive, a bug Argo missed, or want to sharpen a prompt? Reports and pull requests are genuinely welcome, the false-positive and false-negative reports most of all. Found a real vulnerability with Argo — or one it missed? Report it, and you'll be credited right here next to the finding.
Support the work
Argo is one of my solo, self-funded projects. Sponsorship covers the model bills the audits run on and keeps the work going.