01 // ABOUT

Founder-led. Single auditor of record.

BleedWatch Labs is intentionally small. The buyer gets the founder as auditor, writer, AI-Alliance orchestrator, and signer of the attestation. The site should say that plainly.

[name]

Founder & sole auditor of record

[city], France

02 // FOUNDER BIO

I am a French independent cybersecurity researcher. I have spent the last [X] years running adversarial OSINT against public artifact ecosystems: Docker, npm, GitHub, build systems, open-source distributions, and the metadata that teams accidentally leave behind.

My research has reached upstream maintainers in major open-source projects. Specific references, identifiers, and sensitive public-attribution details are shareable with serious prospects under reciprocal NDA after a discovery call.

I run BleedWatch Labs solo. The AI-Alliance methodology is the force multiplier, not a substitute for accountability. Every engagement is signed off by me, personally.

Based in [city], France. Available for engagements globally, with a preference for EU-based clients and companies facing board, fundraise, insurance, or enterprise due-diligence pressure.

03 // WHY TWO BRANDS

Labs is diagnosis. bleedwatch.com is monitoring.

Labs exists because manual adversarial discovery produces urgent, board-relevant evidence today. The SaaS exists because external surfaces drift continuously after closure. They share a brand family because they share the same thesis. They remain separate because buyers need different modes: an assurance engagement now, monitoring later.

04 // WHY THIS PRACTICE EXISTS

Public-artifact security has become an observational problem.

Scanners audit code. Attackers audit surfaces.

Most engineering teams already run SAST, SCA, secret scanning, dependency alerts, CSPM, and cloud configuration checks. Those controls matter. They still miss what an attacker sees when public registries, package metadata, CI artifacts, and archived files are read from the outside in.

The exposure is often simple. Finding it is not.

A public Docker image can contain the one environment file, IAM hint, or build argument that turns a normal artifact into a breach path. The fix may be short. The judgment needed to identify the right fix, prove impact, and close it with confidence is the scarce part.

Labs and the SaaS solve adjacent problems.

BleedWatch Labs is the founder-led audit practice. bleedwatch.com is the sister EASM product for continuous monitoring. Labs handles diagnosis, evidence, judgment, and attestation. The SaaS keeps watching the agreed surface after closure.

The strongest companies still leak through public artifact ecosystems because those ecosystems sit between engineering velocity and security ownership. A tutorial default becomes a production default. A public registry saves one operational step. A generated deployment script passes secrets as build arguments because that pattern was common in public training data.

Labs is the consulting shape for that gap. We look where the attacker looks, document the evidence, challenge the finding through multiple models, and write the shortest remediation path that closes the exposure. The deliverable is built for the board, the underwriter, the customer security team, and the engineers who need to ship the fix.

05 // WHAT THIS IS NOT

No invented scale.

This is not a VC-backed agency with a rotating delivery team.

This is not a 50-person consulting firm selling blended hourly capacity.

This is not a tool you install and leave to produce scanner noise.

This is one founder, four frontier LLMs, and a documented methodology.

This is a signed assurance engagement with a single auditor of record.

06 // ACCOUNTABILITY

What founder-led means operationally.

The founder scopes the engagement and signs the authorization boundary.

The founder runs discovery and decides which findings survive the evidence ladder.

The founder writes the remediation runbook and submits it to AI-Alliance challenge.

The founder leads the restitution call and signs the retest attestation.

No junior handoff is hidden behind the Labs brand.

07 // GET IN TOUCH

Talk directly to the auditor who would sign the work.

The discovery call is a scoping conversation, not a qualification maze. Bring the surface, the pressure you are responding to, and the evidence your stakeholders need.