Nebula Security
Menu

Research

Vulnerability Research Bug List

Products

Vega

Lab

Lab

Product · AI security research

Vega finds the bugs that matter.

An AI security pipeline for codebases where security work needs to be reproducible, evidence-backed, and trust-worthy.

Join the waitlist View Buglist
  • Linux
  • Chrome
  • WordPress
  • CPython
  • QuickJS-NG

Validated performance

Vega finds vulnerabilities faster than humans ever could.

validated findings
727
Linux kernel bugs
709
Chrome zero-days
8
public CVEs
32
vegaLIVE

Work with Vega

Vega brings security into the flow of coding.

GitHub App

Review pull requests where work already happens.

Install Vega on selected repositories, scope the analysis policy, and receive findings tied to commits and pull requests.

CLI

Run targeted hunts from a terminal.

Use the command line for local snapshots, subsystem scans, CI jobs, and reproducible report generation.

MCP tool

Bring Vega into your coding agent workflow.

Expose Vega through MCP so Codex, Claude Code, and Cursor can pull findings, traces, and remediation context directly into the session.

Workflow

Vega makes the path from bug discovery to patch seamless.

  1. Step 01

    Connect

    Point Vega at a repository or project snapshot. Scope can be narrow for one subsystem or broad for continuous review.

  2. Step 02

    Hunt

    The agent explores code, reasons across call paths, and tests hypotheses against the project rather than keyword matching.

  3. Step 03

    Report

    Validated findings move into a structured report with severity, affected versions, and disclosure-ready evidence.

  4. Step 04

    Patch

    Vega carries the finding through remediation with patch-ready guidance so teams can move from report to fix without losing context.

FAQ

Short answers.

What projects can Vega work on?

Vega is a general-purpose code scanning tool designed for software at any scale, from operating systems with millions of lines of code to small open-source projects maintained by a single developer. Whatever your stack, Vega helps scan your code and surface bugs before attackers do.

How is Vega different from other code scanning tools?

Vega was built by security researchers with deep vulnerability research experience. We embedded that domain knowledge into the agentic workflow to make Vega faster, more precise, and more cost-effective. In the benchmarks of Chrome and the Linux kernel, Vega found more vulnerabilities than Anthropic Claude Code Security and OpenAI Codex Security.

Can I see public results?

Yes. The Buglist page tracks public and redacted findings across Linux kernel, Google Chrome, WordPress, CPython, and other projects.

Private beta

Bring researcher-grade bug finding into your codebase.

Join the Vega waitlist for private-beta access and product updates.