Building the future of security auditing.
Stella LLC was founded on a simple premise: the best security audits should be accessible to every open-source project and infrastructure team — not just those with six-figure budgets.
[Our Mission]
Security for every project.
Critical infrastructure software protects billions of connections daily. Yet most open-source projects cannot afford professional security audits, and most enterprises cannot audit every dependency they ship. Stella changes this equation by automating the discovery and validation of real vulnerabilities at a fraction of traditional cost and time.
[Where We're Headed]
From audit service to continuous discovery.
Today, Stella delivers bespoke audits powered by Lilith. We are building toward a self-serve version — where any infrastructure team can run Lilith continuously against their own codebase and catch regressions before they ship. Beyond C/C++, we see Lilith's methodology extending to other memory-unsafe ecosystems and to firmware.
[Founder]
Haruto Kimura
Founder & CEO
Security researcher and engineer with a focus on infrastructure vulnerability discovery. Built Lilith from the ground up to automate what traditionally requires months of manual effort per target. Contributed to responsible-disclosure findings across cryptographic libraries, VPN implementations, and DNS infrastructure.
[Timeline]
From concept to 16 CVEs.
2025
Lilith v1 — CLI Orchestrator
First version built as a CLI-based orchestrator using Claude Code subprocesses. Proved the concept of AI-driven vulnerability discovery.
Early 2026
Lilith Engine — Production Pipeline
Multi-provider LLM routing and a modular pipeline architecture. Production-ready end-to-end vulnerability discovery with GCP-instrumented validation.
Q1 2026
First CVEs Assigned
wolfSSL and Arm mbedTLS vulnerabilities discovered and responsibly disclosed.
Q2 2026
16 CVEs Across 6+ Vendors
Expanded to strongSwan, PowerDNS, GnuTLS, and Intel. 57 accepted findings across 40+ targets.
Ahead
Lilith Engine — Continuous Self-Serve
A hosted version of Lilith where infrastructure teams connect their own codebase and receive continuous vulnerability discovery on every commit.
[ $ lilith run --target your-codebase ]
Audit your infrastructure with Stella.
Tell us about the codebase you want audited. We respond within 24 hours with scoping questions and an engagement proposal.