
Romain Deperne

Offensive Security · AppSec & Source-Code Review · AI-driven offensive tooling · OSCP · OSWA


What I do

Penetration testing and application-security source-code review, scaled with an AI-driven offensive harness I built and operate. The harness is an LLM-agent system that reads source, hypothesizes vulnerabilities, writes and runs PoCs to confirm them, kills false positives, and files coordinated-disclosure reports — human-in-the-loop on every aggressive action. I steer it, validate its output against professional standards, and benchmark where automation beats (or misses) a human pentester.

It has driven 300+ projects audited, 200+ reports filed, and 40+ CVE IDs assigned across the AI/LLM ecosystem — the official MCP SDKs (Python, TypeScript, Rust), LangChain, LlamaIndex, mem0, RAGFlow, KubeAI, Dagster, JupyterHub and more — with multiple high-CVSS RCE chains. Findings span Python, Go, TypeScript/JS, C# and C/C++. Every report ships with a standalone, reproduced PoC.

🛠 Flagship — how I work at scale

vulnhunter-harness — architecture & methodology of the AI-driven offensive-security harness: agent orchestration, non-bypassable scope hooks, the find → prove → disclose loop, and the human-vs-automation benchmarking that makes it trustworthy on real engagements.

Featured CVEs — published & reproduced

Each link is a public repo with the full write-up, root-cause analysis and a working PoC.

| CVE | Target | Class | CVSS | Ecosystem |
|---|---|---|---|---|
| CVE-2026-27825 | mcp-atlassian | Path Traversal (arbitrary file read) | 9.3 | 🤖 MCP server |
| CVE-2026-33980 | adx-mcp-server | KQL Injection | 8.8 | 🤖 MCP server |
| CVE-2026-48017 | DbGate | Remote Code Execution | 8.8 | Database tooling |
| CVE-2026-34940 | KubeAI | OS Command Injection | 8.7 | 🤖 AI serving infra |
| CVE-2026-34975 | Plunk | CRLF Email Header Injection | 8.5 | Web |
| CVE-2026-32247 | graphiti-core | Cypher Injection | 8.1 | 🤖 AI memory / RAG |
| CVE-2026-41490 | Dagster | SQL Injection (dynamic partitions) | High | 🤖 Data / AI orchestration |
| CVE-2026-34160 | Chamilo LMS | Unauthenticated SSRF | 7.5 | Web |
| CVE-2026-33715 | Chamilo LMS | Unauthenticated SSRF + Open Email Relay | 7.5 | Web |
| CVE-2026-40864 | JupyterHub | XSRF bypass (CWE-352) | Moderate | 🤖 ML notebooks |

All GitHub Security Advisories I'm credited on

Recognition

  • 🇫🇷 WorldSkills 2024 France — Cybersecurity Champion
  • 🌍 WorldSkills International — World Top 10
  • Reserve cyber officer @ Gendarmerie Nationale

Selected publications & talks

  • React2Shell: CVE-2025-55182, Zero-Click RCE · MISC Magazine #144
  • Understanding CUPS Vulnerabilities (CVE-2024-47xxx) · MISC Magazine #138
  • Live Hacking Demo — Barbhack Conference, Palais des Congrès

Contact


Pentest delivery · AppSec & source-code review · AI-assisted vulnerability research · coordinated disclosure. Open to offensive-security roles.

Pinned repositories

  1. CVE-2026-32247: Cypher Injection in graphiti-core (getzep/graphiti) via unsanitized node_labels · CVSS 8.1 (Python)
  2. CVE-2026-33980: KQL Injection in adx-mcp-server via table_name parameter · CVSS 8.8 (Python)
  3. CVE-2026-34940: OS Command Injection in KubeAI via Model URL in Ollama startup probe · CVSS 8.7
  4. CVE-2026-34975: CRLF Email Header Injection in Plunk via raw MIME construction · CVSS 8.5 (Python)