Multi-source static security analysis for production codebases.
What it does
Pardes combines LLM cross-validation with deterministic static detectors to find real vulnerabilities in mid-to-large codebases without the false-positive flood of single-source tools.
- Multi-source consensus: Findings cross-validated across 5+ language models plus deterministic CPG-based taint analysis. No single-tool blind spots.
- Multi-language: Go, Rust, C/C++, Python, JavaScript/TypeScript, Java, Solidity. Polyglot codebases get full coverage.
- Continuous: Runs against every commit. Scales to thousands of findings via automated triage and confidence calibration.
Recent results
Pardes-generated findings filed publicly in May 2026:
- alg=none when client omits request_object_signing_alg registration
- jsonx.EmbedSources default scheme allowlist permits file:// and unfiltered http(s)
- get_peer_cred returns root credentials on espidf/vita/hurd
Additional findings against identity, OAuth, and OIDC providers are under coordinated disclosure with the affected vendors. Track record updated as embargoes lift.
Status
Currently in private beta with security teams in production SaaS, internal platforms, and bug bounty programs.
Early access
If you run a security program, a platform engineering team with security responsibility, or a bug bounty research practice, drop a note. Replies usually within a couple of days.
Vulnerability reports + responsible disclosure: [email protected]
Inquiries: [email protected]