Research & Case Studies
Deep dives into autonomous pentesting, agentic workflows, and how we are securing the modern software supply chain.
Catching BOLA in a UK Beauty Startup's FastAPI Backend
A rapidly growing UK-based beauty startup connected Alcazar to their core backend repository. Within minutes of a new pull request, our static agent intercepted a critical Broken Object Level Authorization (BOLA) vulnerability in their Python/FastAPI endpoints.
The Vulnerability
An endpoint returned a user's billing details for any user_id supplied in the path, without checking that the user ID carried by the authenticated token matched the requested ID.
The Autonomous Fix
Alcazar didn't just flag it. It generated a contextual fix PR enforcing current_user.id == user_id at the dependency injection layer.
The offending handler, with the import it needs added and the authorization defect left exactly as found:

```python
from fastapi import Depends, HTTPException  # HTTPException is what the fix raises

# route decorator (path omitted in the excerpt) goes here
async def get_billing(
    user_id: int,                      # taken straight from the request path
    user = Depends(get_current_user),  # authenticated caller, never compared to user_id
):
    return db.query(Billing).filter(
        Billing.user_id == user_id
    ).first()
```

The user_id from the path is used in the database query without verifying it matches the authenticated user.id. This allows any user to read others' billing details.

The key line of the generated fix PR, rejecting the request when the IDs do not match:

```diff
+ raise HTTPException(status_code=403)
```
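The vulnerable and hardened handlers side by side, as an added example that is not Alcazar's or the startup's code. The User and Billing types, the in-memory billing table, the Forbidden exception and the get_current_user stub are constructed stand-ins for the real ORM models and token validation; the FastAPI wiring at the end is optional and is skipped when FastAPI is not installed.

```python
"""Object-level authorization for a billing lookup: vulnerable vs. hardened.

Constructed example. The types, the in-memory table and the route path are
assumptions, not the startup's code.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    id: int
    email: str


@dataclass(frozen=True)
class Billing:
    user_id: int
    card_last4: str


class Forbidden(Exception):
    """Framework-independent stand-in for HTTPException(status_code=403)."""
    status_code = 403


# Constructed in-memory "database": one billing row per user, keyed by owner id.
BILLING_TABLE = {
    1: Billing(user_id=1, card_last4="4242"),
    2: Billing(user_id=2, card_last4="1881"),
}


def query_billing(user_id: int) -> Optional[Billing]:
    """Mimics db.query(Billing).filter(Billing.user_id == user_id).first()."""
    return BILLING_TABLE.get(user_id)


# --- Vulnerable: the path parameter alone decides whose row is returned. ---
def get_billing_vulnerable(user_id: int, current_user: User) -> Optional[Billing]:
    # current_user is available but never consulted: any caller reads any row.
    return query_billing(user_id)


# --- Hardened: ownership is enforced once, in a reusable guard. ---
def require_own_user_id(user_id: int, current_user: User) -> int:
    """Return user_id only if it belongs to the authenticated caller."""
    if current_user.id != user_id:
        raise Forbidden()
    return user_id


def get_billing_hardened(user_id: int, current_user: User) -> Optional[Billing]:
    owner_id = require_own_user_id(user_id, current_user)
    return query_billing(owner_id)


# --- Optional FastAPI wiring: the same guard as a dependency. ---
try:
    from fastapi import Depends, FastAPI, HTTPException

    app = FastAPI()

    def get_current_user() -> User:
        # Assumption: a real app derives this from a validated session token.
        return User(id=1, email="alice@example.com")

    def own_user_id(user_id: int, current_user: User = Depends(get_current_user)) -> int:
        # Dependency-level check: the handler below never sees a foreign id.
        if current_user.id != user_id:
            raise HTTPException(status_code=403)
        return user_id

    @app.get("/billing/{user_id}")  # path is an assumption
    async def get_billing(owner_id: int = Depends(own_user_id)):
        return query_billing(owner_id)
except ImportError:  # FastAPI not installed: the pure-Python functions above still run
    app = None
```

Putting the comparison in a dependency rather than in each handler is what makes the fix hard to forget: every route that takes the guarded dependency gets the 403 path for free, and a new endpoint that queries by user_id without it stands out in review.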
Metasploitable3 Challenge Results
Saracen Outperforms Nearest AI Competitor by 12% in CTF Challenge
We pitted Saracen against a custom Metasploitable3 environment designed to test advanced exploitation paths. Saracen achieved a 94% success rate, scoring a full 12% higher than the next leading autonomous agent.
Deep Pivoting
Unlike standard scanners, Saracen successfully exploited an exposed Tomcat manager, captured credentials, and pivoted into a misconfigured internal Docker API to achieve root.
Zero Hallucinations
Every flag captured included a cryptographically verifiable proof-of-exploit. The competing agent hallucinated 3 exploits that failed upon human verification.