Pwno / Case Study

Evan's past work, now archived.

Latest Discovery: FFmpeg

AI Hackers for Big, Scary, Memory Bugs.

Pwno builds AI systems that find memory bugs in real-world software.


Pwno is an AI cybersecurity startup.

We focus on memory bugs because they're some of the most expensive to fix, easy to miss, and hard to find in software.

The Internet runs on layers you never see.
We find bugs in foundations.


FFmpeg


FFmpeg is a core library that a lot of software uses to decode, encode, and process video and audio. We deployed Pwno on FFmpeg and found six vulnerabilities in two days. We reported them through FFmpeg’s security channel and the fixes are merged upstream.

  • Heap buffer overflows (two separate issues)
  • Vulkan hwaccel out-of-bounds read
  • Stack overflow on deeply nested drawvg scripts
  • Heap overflow in extended TRC (Panasonic V-Log)
  • Precedence/logic bug in a demuxer edge case
  • SSE2 alignment-related crash in vf_noise

Pwno is built by two people

One in high school, one in college.
  • Youngest speaker at Black Hat USA
  • Youngest speaker at OAIC
  • 5+ years in binary & ML security
  • Found bugs in FFmpeg and more
  • Designed & built Pwno's UI/UX
  • Operations lead
  • 4+ years of shipping software
  • Software used by thousands

Roadmap
How far along we are

Our journey and milestones toward revolutionizing binary security.

Pwno Continuous Research Launch
Working fully on Pwnuous (Pwno Continuous Research) for ggml.ai, and on academic R&D with talk preparation for Black Hat. Talking to people about fundraising in the meantime (Spark Lab, SSG); we're planning to launch at Black Hat with our research project.
8/1/2025
2025
August
Pwno Pre-Release
Pwno pre-release to invitational beta members. Zero-shot a heap off-by-one vulnerability with complex heap feng shui and a heap unlink attack (inarguable).
7/8/2025
July
MLM Transformers Integration
Pwno integrated Tsinghua's MLM Transformers into pwno.io.
7/7/2025
Continuous Research Development
Pwno started Pwno Continuous Research development for ggml.ai (llama.cpp, whisper.cpp).
6/24/2025
June
Inarguable CVE Discovery
Pwno found its inarguable CVE, a heap overflow in the Llama.cpp Tokenizer (https://pwno.io/blog/prompt-to-heap-overflow).
6/19/2025
Revenue Milestone
Pwno reached 135 users, with gross revenue of $324 within three days
6/11/2025
First Invitational Beta
We started our first invitational beta of Pwno. Pwno gathered 80 users, with researchers from Google, Alibaba, and a YC security company, on our first day.
6/10/2025
Tsinghua Collaboration
We collaborated with an ML research group at Tsinghua University, AscendGrac, on a Machine-Language native LLM (MLM), with CLAP and jTrans.
5/20/2025
May
Black Hat USA 25 Acceptance
Tree-of-AST (a component of Pwno) was accepted to Black Hat USA 25 (https://arc.net/l/quote/bogdufrk).
5/15/2025
Second Stage MVP
We started the development of the second-stage MVP of Pwno, pwno.io.
5/1/2025
AutoGDB Release
We released AutoGDB, a demo for doing one simple thing: giving GDB (a binary-level debugger) as a tool to zero-shot generalized LLMs. Transformers were able to successfully exploit CTF binary-exploitation challenges within one trial, purely by playing with GDB and putting together exploits with shellcode and ROP chains.
4/1/2025
April
Tree-of-AST Framework
Tree-of-AST is a dataflow analysis framework inspired by Tree-of-Thoughts. Tree-of-AST can find real-life zero-day vulnerabilities in I/O-heavy software. We recently submitted to the Black Hat call for papers.
9/1/2024
2024
September
Tsinghua Partnership
Working with Tsinghua University on binary-exploitation automation.
1/1/2024
January
AutoGDB Development
AutoGDB: Double ReAct reasoning, for GDB.
12/1/2023
2023
December
PwnBERT
PwnBERT: semantic-based BERT vulnerability classifier.
3/1/2023
March
Chat-With-Binary
Chat-With-Binary: RetDec + RAG, LLM Reverse-Engineer.
1/1/2023
January

We find bugs in software used by billions

FFmpeg
Firefox
Redis
