Stoffel

Why Stoffel Chooses Appsec with Veria Labs

How Veria Labs Helps Stoffel Secure its MPC Cryptography

April 21, 2026

About Stoffel

Stoffel Labs is building privacy tools that let developers build privacy-first apps without compromise. Stoffel’s stack consists of a programming language (Stoffel-Lang), a virtual machine (StoffelVM), and an MPC library focused on robust multiparty computation protocols.

The Challenge: Keeping up with Engineering

Mikerah and the team at Stoffel are responsible for maintaining every layer of their stack: the programming language (Stoffel Lang), the virtual machine (Stoffel VM), and the MPC library (mpc-protocols). That creates a lot of surface area for vulnerabilities to hide.

Before Veria Labs, the team relied on reputable third-party auditing firms for one-time code reviews. The process was slow by design: contract an auditor, wait weeks for the review, then remediate findings. That meant unreviewed code was regularly being pushed in the windows between audits.

We paid roughly 6 figures for an audit from a top security firm. Veria costs us 99% less and found the same bugs and more.
Mikerah — Founder of Stoffel Labs

Traditional static scanners would generate excessive false positives and create manual triage work for the team.

They needed a way to continuously monitor for vulnerabilities and catch them before they ever reached prod.

The Solution: Why Veria Labs Came Out On Top

Since partnering with Veria Labs, the Stoffel team has consistently received high-quality and actionable findings.

Vs. Human Auditors

In a direct comparison with a leading third-party auditing firm, Veria’s AI matched the same number of vulnerabilities while being significantly faster. Instead of waiting 2-3 weeks and paying over six figures, the team got findings in 2-3 hours.

The quality of Veria’s findings was actually better than that of the leading audit firm’s findings: we found the same critical and high-severity findings, plus an additional medium finding.

Additionally:

  • Full Coverage: Instead of paying for a narrow audit scope, Veria’s AI covers 100% of Stoffel’s stack. Every repo. Every line of code.
  • Flexibility: When a new feature needs to be shipped fast, a scan can be triggered on the spot and returns results quickly. No waiting on a human auditor.
  • Fast Remediation: Every finding comes with a clear description, impact and severity assessment, and remediation suggestions, so the Stoffel team spends less time triaging and more time building.

Vs. Existing Security Tooling

  • Quality of Findings: Compared to existing SAST tools, Veria AI uncovers real vulnerabilities that respect the business logic of the application. It goes well beyond traditional pattern matching to surface vulnerabilities that matter.
  • False Positive Rates: In a direct comparison with GitHub Advanced Security and another AI-native SAST, Veria AI significantly outperformed both. This greatly reduces endless triage hours for the team.

                   | Veria Labs | GitHub Advanced Security
# of Bugs346
False Positive %   | 5%         | 100%

Today, the team uses Veria heavily, especially when large chunks of work have been completed and need a thorough review before shipping.

The issues Veria found in Stoffel networking were reproducible and fixed! ...it is much better than manually begging Claude/Codex to find things since that seems to be 50/50 false positive
Gabe — Security Engineer

About Veria Labs

At Veria Labs, we build AI pentesting agents that automatically find and fix security vulnerabilities in your application. Founded by members of the #1 competitive hacking team in the U.S., we’ve found critical vulnerabilities in every company we’ve worked with, from small startups to enterprise giants.
