Prompt to Heap Overflow: Pwno's Debut CVE
Pwno's discovery of a heap overflow in Llama.cpp's Tokenizer
June 27, 2025
🚀
Invitational Beta
Invitational Beta
Autonomouslow-level security.
Putting security AIs into CPUs,
to observe, deduct, find in a degree that amazes us.
see pwno in action
see pwno in action
Pwno researches how Transformers system overpowers human in hardcore security research.
Finding & Exploitation
Autonomously for you
We provide a suite of tools for binary exploitation and security validation.
pwnuous
Pwno Continous Research
Finds deep and exploitable memory bugs right after commit, creating proof-of-concepts through code intelligence and research container
pwno.io
Pwno I/O
Autonomous reverse-engineering, vulnerability-discovery, exploit-development agents system for binaries
Roadmap
How far along are us
Our journey and milestones toward revolutionizing binary security.
Pwno Continuous Research Launch
Working full on Pwnuous (Pwno Continuous Research) for ggml-ai, and academically R&D with talk preparation for Black Hat. Talking to people about fundraising at meantime (Spark Lab, SSG), we're planning for launch at Black Hat with our research project.
8/1/2025
2025
August
Pwno Pre-Release
Pwno pre-release to invitational beta members. Zero-shot a heap off-by-one vulnerability with complex heap fengshui & heap unlink attack (inarguable).
7/8/2025
July
MLM Transformers Integration
Pwno integrated Tsinghua's MLM Transformers in pwno.io
7/7/2025
Continuous Research Development
Pwno start Pwno Continuous Research development for ggml.ai (llama.cpp, whisper.cpp)
6/24/2025
June
Inarguable CVE Discovery
Pwno found it's inarguable CVE, a heap-overflow in Llama.cpp Tokenizer (https://pwno.io/blog/prompt-to-heap-overflow)
6/19/2025
Revenue Milestone
Pwno reached 135 users, with gross revenue of $324 within three days
6/11/2025
First Invitational Beta
We started our first invitational beta of Pwno, Pwno gathered 80 users with researcher from Google, Alibaba, YC security company in our first day
6/10/2025
Tsinghua Collaboration
We collaborated with ML research group at Tsinghua University, AscendGrac, on Machine-Language native LLM (MLM), with CLAP and jTrans
5/20/2025
May
Black Hat USA 25 Acceptance
Tree-of-AST (component of Pwno) Accepted to Black Hat USA 25 (https://arc.net/l/quote/bogdufrk)
5/15/2025
Second Stage MVP
We started the development of second stage MVP of pwno, pwno.io
5/1/2025
AutoGDB Release
We released AutoGDB, a demo for doing one simple thing: Giving the tool of GDB (binary-level debugger) to zero-shot generalized LLMs: Transformers were able to successfully exploit CTF binary-exploitation challenges within one trial, through just purely playing with GDB, putting together exploits with shellcodes, ROP chains.
4/1/2025
April
Tree-of-AST Framework
Tree-of-AST dataflow analysis framework inspired by Tree-of-Thoughts: Tree-of-AST can find real-life zero-day vulnerabilities in I/O-heavy software. We recently submitted our call-for-paper for Blackhat.
9/1/2024
2024
September
Tsinghua Partnership
Working with Tsinghua University on binary-exploitation automation.
1/1/2024
January
AutoGDB Development
AutoGDB: Double ReAct reasoning, for GDB.
12/1/2023
2023
December
PwnBERT
PwnBERT: semantic-based BERT vulnerability classifier.
3/1/2023
March
Chat-With-Binary
Chat-With-Binary: RetDec + RAG, LLM Reverse-Engineer.
1/1/2023
January
Latest Works
Insights and updates from our security research.
Join our waitlist
Not ready to sign up? Join our waitlist to get notified when we launch.
No spam
Unsubscribe anytime