BrainblastbrainblastComing soon
Live corpus · 100% reproduced

The open corpus of
machine-verified AI training data

Verified Trap Instances — proven error→fix→test records of the SDK errors AI ships, pinned to exact versions and re-provable on demand. Browse it free; train on it, or evaluate your model against it.

Verified Trap Instances
0
growing
SDKs
136
Classes
9/9
Reproduced
0%
Pinned to versions
Every record is bound to an exact SDK release.
RED→GREEN proven
The vulnerable code fails; the fix passes. Both on record.
Re-provable by anyone
No secret answer key — verify it yourself.
A fresh delta
New verified records stream in continuously.
Why it matters

The bugs AI ships are specific. So is the proof.

Coding agents confidently emit the same SDK integration footguns — insecure defaults, zeroed slippage guards, skipped signature checks, stale oracle reads — that compile, pass review, and quietly do the wrong thing. Brainblast is the corpus of exactly those failures, each one machine-proven.

The failure mode that costs you

Not generic bugs — the precise integration mistakes models make: an insecure default, a zeroed fee, a swap with no slippage floor, a price used without a freshness check. Captured, versioned, and named before they reach prod.

Proof you can't game

Every record goes RED→GREEN through a machine oracle — the vulnerable code fails, the fix passes, and anyone can replay it. 100% reproduced, no answer key. A model can't fake having learned it.

A corpus that compounds

An autonomous fleet finds and verifies new traps across the SDKs teams actually ship — fresh and growing, not a stale dump. And when a contributor's trap lands, they earn from the records buyers use.

Train models that write correct integration code the first time, or evaluate any model against a benchmark it hasn't seen.

Three ways in

Browse it free. Train on it. Evaluate against it.

The corpus is open. We charge for the two things that scale with it — certifying your models, and pointing the fleet at your stack.

Web3save 20%
$5,600/ yr$7,000
or $560/mo billed monthly
Both blockchain lots — for teams shipping on-chain.
Includes · Solana + EVM
Get Web3
AppSecsave 30%
$12,600/ yr$18,000
or $1,260/mo billed monthly
Every web, backend, cloud & crypto lot — the full AppSec surface.
Includes · Auth & Sessions + Transport & TLS + Web Hardening + Cloud & Storage + Cryptography + Browser & Desktop
Get AppSec
Scalesave 32%
$17,000/ yr$25,000
or $1,700/mo billed monthly
The whole corpus, the live firehose, and every lot we add next.
Includes · Every lot + all future lots
Get Scale

Or buy by the lot

priced by coverage — patterns × SDKs, not raw count
Solana$3,500/yror $350/mo
On-chain money & auth traps — commitment, preflight, royalties, slippage.
409 VTIs · 33 patterns · 25 SDKs
EVM$3,500/yror $350/mo
Ethereum-stack traps — unconfirmed transactions, zero-slippage swaps, tx.origin auth.
657 VTIs · 73 patterns · 46 SDKs
Auth & Sessions$3,500/yror $350/mo
JWT, sessions, cookies, CORS credentials — the login surface.
1039 VTIs · 36 patterns · 27 SDKs
Transport & TLS$3,500/yror $350/mo
Disabled certificate verification across HTTP/DB/message clients (MITM).
373 VTIs · 19 patterns · 24 SDKs
Web Hardening$3,500/yror $350/mo
Security headers, CSP, CSRF, GraphQL introspection, HTTP smuggling.
271 VTIs · 18 patterns · 9 SDKs
Cloud & Storage$2,000/yror $200/mo
Public-read ACLs, block-public-access off, storage & bucket misconfig.
127 VTIs · 6 patterns · 4 SDKs
Cryptography$3,500/yror $350/mo
Broken hashes & ciphers in app code — MD5, SHA-1, DES, weak key sizes.
451 VTIs · 16 patterns · 11 SDKs
Browser & Desktop$2,000/yror $200/mo
TLS bypass & sandbox-off in Playwright, Puppeteer, Electron.
704 VTIs · 7 patterns · 3 SDKs
OtherScale-only
Uncategorized — bundled into Scale only.
94 VTIs · not sold à la carte
Browse free
Read the whole catalog and pull a receipt-only sample — no signup, no wallet.
Browse
Evaluate your model or agent
We run it against a held-out slice of the corpus and hand you a scorecard of which bugs it still ships — re-run every release.
Book an eval
Sponsor scouting
Point the autonomous fleet at your stack — fund verified findings for the SDKs you build on.
Talk to us
In the marketplace

Latest verified records

Browse all 4125 VTIs
highstatic
fbauth-genetix-github-dangerous-linking
next-auth · auth bypass
highstatic
fbauth-crowe-code-github-dangerous-linking
next-auth · auth bypass
highstatic
jwt-wechat-acp-aes-ecb
node-crypto · missing verification
highstatic
jwt-serverless-query-runner-cookie-httponly
cookie-session · auth bypass
highstatic
jwt-nestjs-auth-starter-ignore-expiration
jwt · auth bypass
highstatic
jwt-eufy-security-client-aes-ecb
node-crypto · missing verification