Ai-Assisted-Research

AMP Deep Extraction Open Redirect in DuckDuckGo Privacy Essentials (Firefox)

Background

I’ve been spending some time looking at browser extensions as a security target. They are interesting because they sit between the browser and the network, operate with elevated permissions, and users generally trust them implicitly. The whole point of a privacy extension is that …

Finding a Svelte SSR XSS via Unsanitized idPrefix in HTML Comment Markers

Background

I’ve been working through Vercel’s bug bounty program, which explicitly calls out server-side rendering and compiler security as focus areas. Svelte is a Tier 1 target in that program, and since Svelte 5 introduced a significant rework of how components are compiled and …

Finding an Authentication Bypass and Credential Disclosure in Seerr Using Claude and Bitwarden's AI Security Plugins

Background

I’ve been running Seerr at home for a while now. It’s a self-hosted media request manager, forked from Jellyseerr/Overseerr, and it’s the kind of app that gets exposed to the internet pretty regularly since family members need to be able to submit requests. That always …