Vulnerability Atlas: Core Flaws, Real Architecture

Every vulnerability list describes the same ten flaws — just in different contexts.

Prompt injection (LLM), SQL injection (Web), and goal hijacking (Agentic) are all the same flaw: untrusted input alters instructions. Each has its own solution and it only needs to be addressed once.

Vulnerability lists

Choose a list, then click any item to light up the architecture.

Core flaws

See core flaws and architecture touch points for any selection.

Select a vulnerability or a node

Pick a vulnerability on the left to see (1) core flaws and (2) where they touch the architecture. Or click an architecture node to see which core flaws tend to land there.

Architecture Context

100%
Drag nodes to rearrange • Hold Shift to snap • Scroll to pan • Ctrl+scroll to zoom
Client
Edge / Perimeter
Kubernetes / Runtime
Data / External
Selected
Related

Welcome to Vulnerability Atlas

Understand how your architecture influences security findings

The key insight: Every vulnerability maps to specific architectural components. By understanding these connections, you can see exactly where in your system each security risk originates — and where to focus your defenses.

1
Select an OWASP list — Choose from Web, API, LLM, Agentic, Mobile, or Kubernetes top 10 lists
2
Click any vulnerability — The architecture diagram highlights which components are involved
3
Explore the connections — See the core flaws and understand how different vulnerabilities share common architectural touch points

How to use this

Click a vulnerability → highlight architecture nodes
Press Esc clear selection

This diagram is intentionally generic (Cloudflare/WAF/K8s/etc.). If you want, we can swap in your real components and adjust the mappings.

Core Flaws Reference

These 10 canonical flaws underlie all vulnerability categories. Click any flaw for details.

Proactive Controls (click for details)
Proactive Control

Step 1 of 5

Welcome

Tour description here