Aeon AI Risk Management
Authorized AI security research, disclosed responsibly.
Aeon conducts frontier-level defensive and authorized offensive vulnerability research, then privately discloses confirmed findings through coordinated security channels before public naming.
Questions this page answers
- What can Aeon say publicly about its security research?
  - Aeon can say it operates an owned-lab vulnerability research pipeline and has privately disclosed confirmed findings across AI/ML systems, MCP servers, Jenkins plugins, and WordPress/WooCommerce extensions.
- What should not be claimed publicly?
  - Do not claim CVEs, public advisories, bounty payments, or named unpatched vendors unless a public vendor or advisory source confirms it.
Research principles
Authorized-only, white-hat, evidence-driven, non-destructive testing with coordinated disclosure and human expert review. Offensive capability is used only in approved scopes, owned labs, and responsible disclosure workflows.
Vulnerability classes
Broken access control in AI/ML APIs, MCP/tool command-injection risks, SSRF, WordPress/WooCommerce authorization flaws, and Jenkins plugin permission-boundary issues.
Public boundary
Do not claim CVEs, public advisories, bounty payments, or named unpatched vendors unless public sources confirm them.