👁 argo findings
Argo · real-world validation

Bugs found by reading the code, disclosed in the open.

Every vulnerability below was surfaced by Argo, an LLM-native static auditor, then hand-verified and reported upstream — as a public pull request or a published security advisory. Follow any link to the fix or advisory itself.

0
Projects
0
Public PRs
0
Already merged
0
Languages
Scope Only findings that are already publicly disclosed are listed, each linking to its upstream pull request or published security advisory. Findings still under coordinated (private) disclosure are omitted until they go public.
Status Recent access restrictions on the strongest security-capable models have made automated vulnerability detection harder for the moment, so new disclosures are paced down until the project resumes at full speed in September 2026.

Disclosures

merged fixes first · then open review

Contribute & support

open to reports, PRs, and sponsors

Contribute

Found a false positive, a bug Argo missed, or want to sharpen a prompt? Reports and pull requests are genuinely welcome, the false-positive and false-negative reports most of all. Found a real vulnerability with Argo — or one it missed? Report it, and you'll be credited right here next to the finding.

Support the work

Argo is one of my solo, self-funded projects. Sponsorship covers the model bills the audits run on and keeps the work going.