Lilith — the autonomous vulnerability discovery engine.

Lilith orchestrates frontier LLMs across a 20-phase pipeline that takes a target from source ingestion to CVE-ready disclosure, end-to-end, with no human in the loop. Every finding is verified on isolated infrastructure with AddressSanitizer before it reaches you.

[Inside Lilith]

Four stages, twenty phases, zero humans.

Lilith's pipeline runs autonomously. Python control code gates every handoff, so LLM decisions never bypass verification.

01

Reconnaissance

Lilith ingests the target, classifies its threat model (library, daemon, parser), loads relevant protocol specifications, and surveys prior vulnerability patterns for the ecosystem.

02

Exploration

Parallel LLM explorers analyze code paths, cross-reference against RFCs, and generate adversarial attack hypotheses. An evaluator phase filters weak candidates before expensive verification.

03

Verification

Each surviving candidate compiles against an ASAN-instrumented build on isolated GCP instances. An evidence gate rejects hallucinated stack traces — only reproducible crashes continue.

04

Reporting

Lilith packages validated findings as CVE-ready markdown — CWE classification, CVSS scoring, runnable PoC code, and coordinated-disclosure guidance — generated autonomously.

[Capabilities]

What Lilith finds.

Lilith targets vulnerability classes across memory safety, protocol compliance, cryptography, and application logic.

>_Memory safety vulnerabilities

Buffer overflows, use-after-free, null pointer dereferences, integer overflows, and other memory corruption issues.

>_Protocol compliance violations

Deviations from RFC specifications in TLS, DTLS, X.509, DNS, and other protocol implementations.

>_Cryptographic weaknesses

Key handling errors, padding oracle conditions, timing side channels, and cipher implementation flaws.

>_Logic and state machine errors

Authentication bypasses, state machine violations, race conditions, and improper input validation.

[Targets]

Battle-tested across infrastructure.

Codebases Stella has audited or is actively auditing, grouped by domain.

[Cryptographic libraries]

wolfSSL, Arm mbedTLS, GnuTLS, Mozilla NSS (Firefox)

[VPN & tunneling]

strongSwan, OpenVPN, SoftEther VPN

[Routing & DNS]

FRRouting, PowerDNS

[Inference & ML]

Intel OpenVINO

[ $ lilith run --target your-codebase ]

Audit your infrastructure with Stella.

Tell us about the codebase you want audited. We respond within 24 hours with scoping questions and an engagement proposal.