Applied security research
for the systems we actually run.

Synthetic Codex Research Lab focuses on real-world security behavior in web applications, APIs, and infrastructure — using a manual-first methodology with AI-assisted analysis, and strict respect for scope and responsible disclosure.

Authorization & access control | Workflow & state analysis | API-centric systems

Synthetic Codex only performs testing on systems it owns, operates, or has explicit written authorization to assess. Any external work is conducted through formal programs with defined scope.

What Synthetic Codex focuses on

The lab exists to study how real systems break — not in theory, but in production-style conditions where authorization, state, and infrastructure interact in messy ways.

Authorization & object access

How does the system really decide who can touch what? Analysis includes broken object-level and function-level authorization, role boundaries, and multi-tenant isolation failures.

  • BOLA / IDOR and access-control flaws
  • Cross-tenant data exposure risks
  • Role boundaries enforced (or not) by the backend

Access-control testing | Multi-tenant thinking

API & workflow design

Modern systems are mostly APIs and state machines. The lab studies how workflows break when steps are skipped, replayed, or executed out of order under edge conditions.

  • State-dependent workflows tested out of sequence
  • Replay and race-style issues in sensitive operations
  • Unsafe defaults and assumptions in public APIs

Workflow integrity | API misuse resilience

Tooling & methodology

Off-the-shelf scanners don’t see everything that matters. Synthetic Codex uses a manual-first methodology backed by proxies, structured recon templates, and AI-assisted analysis for large datasets.

  • Proxy-centric HTTP analysis
  • Structured recon and note-taking
  • AI-supported log and pattern review

Contact & vendor information

For security tooling vendors, infrastructure partners, or organizations interested in research collaboration or methodology discussion, use the contact information below.

Primary contact

  • Lab: Synthetic Codex Research Lab
  • Contact: Joseph Bulliner
  • Role: Director of Applied Security Research
  • Email: contact@syntheticcodex.com
  • Location: United States

For security tooling or platform evaluations, please include a brief description of your product, typical deployment model, and any evaluation requirements or constraints.

When reaching out

To streamline any conversation:

  • Indicate whether you’re a vendor, partner, or researcher.
  • Share links to relevant documentation or technical overviews.
  • Note if you are inquiring about tooling evaluation, research collaboration, or program participation.

Why Synthetic Codex evaluates security tools

Synthetic Codex Research Lab evaluates security tooling to ensure accurate analysis of authorization behavior, workflow integrity, and system reliability across web and API-driven platforms. High-quality tools support the lab’s manual-first methodology by improving visibility, accelerating investigation, and enabling precise documentation of findings. Evaluations are conducted ethically, within authorized environments, and strictly in support of applied research.