thinkevil

independent security research collective

Working across AI security, low-level systems, embedded devices, radio, hardware, and adversarial research.

Built for difficult systems, not for visibility

Researchers here converge on the same class of problems: systems that are technically dense, security-critical, poorly understood, or wrongly assumed to be robust. That has long meant exploit development, firmware, telecom, hardware, protocol analysis, and low-level internals. More recently it also means AI systems, where model behavior, agentic misuse, extraction, and interaction-layer vulnerabilities create new and still immature attack surfaces.

What this is

Independent researchers working on technically demanding security problems, individually or in small groups.

What it is not

Not a consultancy front-end, not an anonymous handle, not a public roster.

Why it exists

Serious research often spans multiple contributors, parallel threads, or coordinated disclosures. A shared name gives that work a common frame.

Research areas

Work spans several technical domains that often overlap inside the same investigation. These categories are not service lines or productized offerings. They describe the kinds of systems and failure modes the work repeatedly returns to.

AI & Model Security
Adversarial testing of LLMs and other AI systems, including prompt injection, jailbreaks, extraction, agentic misuse, tool abuse, evaluation gaps, and interaction-layer failures.
Adversarial Research
Offensive analysis aimed at understanding real exploitability, chained failure paths, and the practical security consequences of complex system behavior.
Low-Level Systems
Memory corruption, operating-system internals, reverse engineering, binary analysis, exploit primitives, and execution-boundary research.
Embedded & Firmware
Firmware extraction and reversing, boot-chain analysis, hardware/software boundaries, constrained-device behavior, and protocol-level weaknesses.
Radio & Cellular
Wireless trust assumptions, RF systems, SDR-driven analysis, and security research on 4G, 5G, and related protocol environments.
Hardware Security
Physical attack surfaces, fault injection, side-channel analysis, secure boot bypass, bus inspection, and hardware-rooted trust failures.
Mobile & Platform
Mobile internals, trusted execution boundaries, app reversing, baseband-adjacent research, and platform security assumptions.
Critical Environments
Security analysis of high-consequence systems, including industrial or infrastructure contexts where technical depth matters more than visibility.
Cryptography & Protocols
Weaknesses in protocol design and implementation, authentication edge cases, key handling failures, and side-channel issues in cryptographic systems.

How the collective works

No rigid hierarchy, no fixed departments. What persists is a stable name, a domain, a contact surface, and a consistent technical orientation, even as specific contributors and threads change. The point is not anonymity for its own sake, but coherence.

Research Direction

Long-horizon technical themes, publication standards, and disclosure posture.

Collaborative Investigations

Short- or medium-term work involving several contributors across papers, tooling, analysis, or validation.

Disclosure & Coordination

Direct technical contact for vendors, operators, or researchers when a finding requires quiet handling before publication.

Independent Contributions

Work that remains individually authored while drawing on the broader research of the group.

Shared Methods

Tools, conventions, and habits of rigor that carry across otherwise separate projects.

Selective External Collaboration

Occasional work with trusted researchers, teams, or institutions when interests, timing, and standards align.

Research identity

Think Evil may be listed in publications, disclosures, and acknowledgments as a shared affiliation, co-authorship label, or research context — whichever fits the work. Its presence indicates a connection to the group, not a formal institutional position.

Publications, attribution, and verification

No complete public archive is maintained here. Some work appears openly, some is disclosed privately, some is published under other affiliations, and some is simply not publicized. Verification of a specific paper, disclosure, acknowledgment, or attribution claim is handled directly through contact.

Contact and secure channels

Use the channels below for research contact, collaboration inquiries, coordinated disclosure, or other technical matters that benefit from a stable point of contact. For sensitive material, prefer end-to-end encryption from the start and minimize identifying metadata until a trusted channel is established.

pgp

PGP is preferred for unpublished work, vulnerability-related material, and trust-sensitive communication.

0444 0587 CAA5 2DEF 6080 D91A 41A6 1B60 F979 2FEF
note

Responses are selective but not performative. Clear, technically grounded messages are more useful than polished outreach.