🐉 Hydra

Bike4Mind's white-hat security training tool · what it caught, why it matters for TwinSpires
Erik Bethke, B4M
Presented to TwinSpires · week of 2026-05-17
Repo: MillionOnMars/hydra
622Endpoints mapped & tested
900+Dynamic attack tests run
9+CRITICALs caught
12Vuln categories
35+PRs merged · confirmed findings, zero scanner noise
3Repos hardened
5Weeks of work
24/7Continuous via heartbeat

Why this matters — what every other scanner missed

Before Hydra ran, the B4M app was already protected by seven mainstream commercial security tools running continuously. Every one of them missed every Hydra finding. That is the point of this page.

What was already in place — and what each one caught
Semgrep Static SAST · pattern rules Missed every finding
OWASP ZAP Dynamic web scanner Missed every finding
Snyk SCA + code scanning Missed every finding
AWS Inspector Workload vulnerability mgmt Missed every finding
AWS GuardDuty Account / behavior monitoring Missed every finding
Gitleaks Secret scanning Missed every finding
AWS WAF Runtime request filtering Missed every finding
🐉 Hydra AI-guided application-logic auditor 9+ CRITICALs · one afternoon
Hydra does not replace any of these — it covers the layer none of them can see: application logic. “Should this endpoint exist?” “Does this user own this resource?” “Does the JWT actually bind the OAuth flow to this browser?” Pattern matchers don't answer those questions. Hydra does.

What Hydra is

Bike4Mind's proprietary AI-guided security framework. A coordinated stack of three specialized agents — hydra-poc (149 attack tests · broad reconnaissance), hydra-full (authenticated IDOR + endpoint sweep + payload fuzzing), and hydra-heartbeat (continuous diff scanner with persistent state · auto-files GitHub issues with LLM-enriched context) — that map every API endpoint, sample with Monte Carlo to break reviewer priors, reason over the codebase to name emergent vulnerability patterns, audit every instance of the pattern, then bake detection into the heartbeat for permanent coverage.

Built on Bike4Mind's general-purpose agentic AI substrate — the same platform that powers bike4mind.com itself and the broader B4M product portfolio. Hydra is what happens when that platform turns its attention to its own attack surface, then keeps watching.

The prevention loop is the difference. Every vulnerability class Hydra names becomes a permanent rule — enforced at write time by the AI coding tools developers use every day. After the No-BaseApi class was named, CI hard-fails any PR that skips it. The attack surface that needs scanning shrinks permanently after each wave. This is not a point-in-time pentest. It installs a prevention mechanism that compounds.

The wins that anchor the story

9 months live/api/debug/database Unauthenticated endpoint returning the production MongoDB Atlas hostname, database name, and SST stage to any caller. Created June 2025 during a debugging session, touched by three developers, nobody noticed auth: false.
Lumina5 PR #7708 · file deleted
Critical/api/external-image SSRF + IPv6 bypass Open SSRF proxy fetching any URL on the internet and uploading to S3. Initial block list missed the IPv4-mapped IPv6 bypass — https://[::ffff:127.0.0.1]/ reached loopback and AWS metadata. Re-attacked, found it, hardened with hostname normalization + redirect re-checking + 10 MB stream cap.
Lumina5 PRs #7725 + #7741
CriticalGitHub OAuth account hijack OAuth callback derived userId solely from the state JWT — if leaked, an attacker could complete the flow in a different browser and silently link their GitHub to a victim's B4M account. Fixed with a short-lived HttpOnly cookie binding the flow to the originating browser.
Lumina5 PR #7741 / issue #7733
CriticalVibesWire API key leak to CloudWatch /api/test handler logged both B4mApiKey and GuardianApiKey values to CloudWatch on every invocation. HTTP response was innocuous; the CRITICAL was caught on code review during the fix sweep. Handler deleted, both keys rotated.
VibesWire PR #10
ProcessbaseApi() enforcement in CI Hydra-driven CI checks now hard-fail any PR introducing a new pages/api/*.ts file without baseApi() wrap across both major B4M repos. Same class of bug as the 9-month debug endpoint cannot reach production again. Husky pre-commit gives local feedback. The methodology produces structural defenses, not just patches.
Red teamB4M billing fraud threat model 457-addition threat-model PR that prosecutes B4M's own billing for chargeback fraud, agent farms, credit-system abuse — modeling ~$20K/wk worst-case exposure. Follow-up PR ships Stripe idempotency, voice-session credit reservation, transcription limits, admin loginAs MFA step-up, per-tier agent caps, anomaly thresholds.

Hydra also found that the rate-limit middleware was fully implemented in code but never wired into the auth layer — limits were stored in the database and surfaced in response headers but never enforced. Credit enforcement defaulted to off on fresh deployments. No webhook handlers existed for chargebacks or refunds. Modeled exposure: ~$5K/day with 100 disposable accounts. For a platform where revenue integrity is a regulatory requirement, these are the exact gaps a gaming commission audit would surface.

Lumina5 #8224 (model) + #8225 + PRs #8227, #8247, #8265 (fixes)
Logic layerAI agent permission bypass Approval-gated tools — including sending Slack messages, image generation, and all MCP integrations — were executing silently without ever surfacing a permission request to the user. A logic bug in how the agent executor surfaces its primary step meant the permission classifier was never reached. No signature scanner has a rule for “the control flow never reaches the consent gate.” Hydra found it by reasoning over the intended behavior.
Lumina5 issue #8249 · fixed

The 12 vulnerability categories Hydra surfaces

For a betting platform, “IDOR” isn't a data hygiene issue. It's unauthorized access to wager history, stored payment instruments, and KYC records — with direct regulatory notification obligations attached.

Why this matters for TwinSpires

Hydra produces audit artifacts, not just patches When a gaming regulator asks “how do you know your software vendor's platform is secure?” — the answer isn't “we run Snyk.” The GitHub PR trail Hydra produces — confirmed findings, remediation code, CI enforcement gates — is the kind of evidence that survives a commission audit. Every finding has a linked PR. Every PR has a reviewer. Every CI gate has a passing test. The artifacts are the security posture, in a form a regulator can read.
Hydra could be turned on YOUR stack Same framework, different target. Hydra adapted from the B4M stack to VibesWire — a completely different architecture (SST + DynamoDB + Lambda) — in 40 minutes, with the same finding classes emerging independently. On a wagering platform, Hydra would focus on: cross-bettor IDOR across account and wager endpoints, payout-calculation logic that could be manipulated to alter settlement amounts, authentication flows across mobile and web clients, stored payment instrument access controls, and admin risk-management endpoints that process privileged data without step-up authentication. The CI enforcement and named-class prevention travel with the methodology.
Pattern beats one-off fixes Hydra doesn't just close bugs — it names the bug class (“No-BaseApi endpoints”), then ships CI that prevents the class from recurring. The methodology produces *structural* defenses, not just patches.
Confidence in the team that builds your software The security maturity Hydra represents — continuous offensive program, application-logic coverage no commercial scanner catches, structural fixes via CI — is the discipline B4M applies to every codebase. That posture goes into every line of B4M code, full stop.
Red-team thinking on revenue surface Hydra's billing-fraud threat model isn't theoretical — it ships matching code fixes (Stripe idempotency, MFA step-up on admin loginAs, per-tier agent caps, anomaly thresholds). For a partner whose revenue depends on the platform, *“they know how to attack their own billing”* is more reassuring than *“they know how to fix bugs.”*
We don't wait for security to be handed to us. We built our own offensive AI agent, pointed it at our own products, found what nobody else found, fixed it — and now CI prevents the same class of mistake from coming back.
Erik Bethke, CEO, Bike4Mind