Building the future of security auditing.
Stella LLC was founded on a simple premise: specialist verification should be available to the infrastructure teams that need it, starting with focused scopes before expanding to full product-area audits.
[Our Mission]
Security for every project.
Critical infrastructure software protects billions of connections daily. Yet most open-source projects cannot access professional security audits, and most enterprises cannot audit every dependency they ship. Stella changes this equation with faster, verification-first research that still produces the evidence engineers need to patch.
[Where We're Headed]
From verified audits to a verification layer for the ecosystem.
Today, Stella runs verified audits and triage retainers for C/C++ infrastructure vendors. Looking forward, Stella is building toward a verification layer that PSIRTs, bug-bounty programs, and OSS foundations can plug into directly — handling the AI-generated noise so engineers see only what's real. As the verification harness matures, coverage will expand to Rust, adjacent memory-unsafe ecosystems, and firmware.
[Founder]
Haruto Kimura
Founder & CEO
Security researcher and engineer focused on infrastructure vulnerability discovery. Built Lilith from the ground up to automate what traditionally takes months of manual effort per target. Credited on memory-corruption findings across cryptographic libraries (wolfSSL, Mozilla NSS), VPN implementations (strongSwan), and DNS infrastructure (PowerDNS), with bounty awards from Mozilla, Intel, Intigriti, and YesWeHack.
[Background]
Security Engineer
LY Corporation (LINE × Yahoo Japan)
Present
[Education]
M.Sc., Computer Science & Engineering
Waseda University
2023 – 2026
Exchange Program, Computing & Information Systems
The University of Melbourne
2024 – 2025
B.Sc., Applied Mathematics
Waseda University
2019 – 2023
[Timeline]
From concept to 32 CVEs.
2025
Lilith v1 — CLI Orchestrator
First version built as a CLI-based orchestrator with multi-agent exploration. Proved the concept of AI-assisted vulnerability discovery.
Early 2026
Lilith Engine — Production Pipeline
Multi-provider LLM routing and a modular pipeline architecture. Production-ready verification harness with GCP-instrumented validation gates.
Q1 2026
First CVEs Assigned
wolfSSL and Arm mbedTLS vulnerabilities discovered and responsibly disclosed.
Q2 2026
32 CVEs Across 9+ Vendors
Expanded to strongSwan, PowerDNS, GnuTLS (via Red Hat), Intel, PostgreSQL/PgBouncer, and FRRouting — nine new IDs (CVE-2026-39265 through 39274) assigned for bgpd, ospfd, eigrpd, and isisd parsing bugs. 59 accepted findings across 40+ targets.
Ahead
Verification layer for the ecosystem
A hosted verification surface that PSIRTs, bug-bounty programs, and OSS foundations can plug their incoming AI submissions into directly — Stella keeps the engineering signal, the AI noise gets dropped at the gate.
[ $ lilith run --target your-codebase ]
Audit your infrastructure with Stella.
Tell us about the codebase you want audited. We respond within 24 hours with scoping questions and an engagement proposal.