All findings below are from passive observation of URLs provided as part of this assessment, public DNS records, and HTTP response headers. No active scanning, exploitation, or penetration testing tools were used. This review is presented constructively — as a security-aware assessment of the product's public-facing architecture.
Infrastructure Map (from response headers)
| Component | Technology | Evidence | Risk Level |
|---|
| Report hosting | AWS S3 + CloudFront | server: AmazonS3, x-amz-cf-pop headers | Medium |
| Marketing site | Framer | server: Framer/e66ed00 (version exposed) | Low |
| Product app | Next.js on Render, behind Cloudflare | x-powered-by: Next.js, x-render-origin-server: Render | Medium |
| Image assets | Cloudinary (account: dttjaxqso) | Image URLs in report HTML | Low |
| Report template | MJML (email framework) | Microsoft Office conditional comments in HTML source | Info |
| Legal entity | KernelAI, 125 London Wall, EC2Y 5AS | Report footer | Info |
Category 1: Report Authentication & Access Control
FINDING 1: Reports use security-by-obscurity (unguessable URLs, no token auth)
The report URLs shared as part of this assessment are served from S3 via CloudFront without session tokens or API keys — access is controlled by URL obscurity rather than authentication. This is a reasonable approach for sharing specific reports (as Primer did with this assessment), but the question is whether all client reports use the same delivery mechanism. If so, any leaked or forwarded URL grants permanent, unlimited access to proprietary analysis.
Consideration: For institutional clients with compliance requirements, time-limited signed URLs or session-gated access would provide stronger assurance. This is a discussion point rather than a vulnerability — the current approach works for intentional sharing but may not satisfy enterprise security audits.
FINDING 2: URL structure is predictable and enumerable
Report URLs follow a predictable pattern: /{TICKER}/filing_briefing/{DATE}_{TIME}.html. While guessing the exact timestamp requires brute-forcing, the ticker and date components are publicly knowable. An attacker who knows Primer covers PETSP.L and that FY26 results were released on 31 March 2026 has a small search space.
Mitigation observed: S3 bucket policy returns 403 for unknown paths, which limits enumeration. However, the predictable URL structure means that a single leaked URL reveals the naming convention for all reports.
Recommendation: Use random UUIDs in report URLs (e.g., /reports/a3f7c2d1-9b4e-...) rather than ticker/date patterns.
Category 2: Data Segregation vs. Podcast Claims
FINDING 3: Data segregation claim contradicted by report architecture
In the Zeus Capital podcast, Smallwood stated: "All of the data inputted by the user is owned by the user... it's walled garden per user rather than per firm."
However, the report delivery architecture contradicts this claim:
• Reports are stored by ticker (/PETSP.L/), not by user or organisation
• No user-scoped paths, tokens, or identifiers appear in any report URL
• Report A (production) and Report B (testing/prod) have identical content-length (49,383 bytes), suggesting the same underlying data generates the same output regardless of user
• The walled-garden claim may apply to the interactive studio agent (where user-specific "Memories" and pinned rules would differentiate output), but it does not apply to the static report delivery layer, where reports appear to be generated per-ticker, not per-user
Risk: If a client believes their analytical customisations (pinned rules, agent memory) are reflected in the delivered report, but the report is actually generated from a shared, user-agnostic pipeline, this creates a mismatch between expectation and reality.
Recommendation: Either ensure reports incorporate user-specific context (making each user's PETSP.L report genuinely different) or clearly communicate that static reports are ticker-level outputs distinct from the personalised interactive experience.
FINDING 4: Test and production reports share the same S3 bucket and CloudFront distribution
Reports at /PETSP.L/filing_briefing/ (production) and /testing/PETSP.L/filing_briefing/ (testing) are served from the same domain, bucket, and CDN. The three testing reports were all uploaded simultaneously (identical last-modified: Thu, 02 Apr 2026 16:23:10 GMT), confirming this is a test/evaluation pipeline sharing production infrastructure.
Risk: Commingling test and production data increases the risk of accidental exposure. A misconfigured bucket policy could expose test data (which may include debug information, internal notes, or early-stage analysis) to production users.
Recommendation: Separate S3 buckets and CloudFront distributions for test and production environments.
Category 3: Security Headers & Hardening
FINDING 5: No security headers on reports subdomain
The reports.production.primerapp.com responses include zero security headers:
• No Content-Security-Policy — reports could load external scripts or be injected with malicious content
• No X-Frame-Options — reports can be iframe'd by any third-party site (clickjacking risk)
• No X-Content-Type-Options — MIME sniffing attacks possible
• No Strict-Transport-Security — HTTPS not enforced via HSTS
• No Referrer-Policy — report URLs may leak in referrer headers
FINDING 6: No security headers on studio application
The studio.primerapp.com application similarly lacks: Content-Security-Policy, X-Frame-Options, X-XSS-Protection, Referrer-Policy, and Permissions-Policy. For a financial application handling proprietary data, this is below industry baseline. The marketing site (Framer) does include Strict-Transport-Security, but the product application does not.
FINDING 7: Full server stack disclosed in response headers
An attacker can identify the complete technology stack from a single HTTP request:
• Reports: server: AmazonS3, x-amz-server-side-encryption: AES256
• Studio: x-powered-by: Next.js, x-render-origin-server: Render, server: cloudflare
• Marketing: server: Framer/e66ed00 (including build version)
This gives an attacker a complete map of technologies to target with known CVEs. Standard practice is to remove or generalise server headers.
Category 4: Application Architecture Observations
FINDING 8: Studio app renders full UI shell before authentication
Fetching studio.primerapp.com returns the complete application navigation structure (Studio, Library, Templates, Models, Notes, Data, Routines, Coverage, Reports, Calendar, Inbox, Settings) and feature names (AutoYOLO, Memories, Sources) before any authentication check. While this is common in client-side rendered Next.js applications, it exposes the full feature set and UI architecture to unauthenticated users.
Note: This is how we mapped the complete product feature set without having an account.
FINDING 9: Reports generated using email template framework (MJML)
The report HTML contains Microsoft Office conditional comments (<!--[if mso]>) characteristic of the MJML email template framework. This suggests reports may be dual-purpose: served both as web pages and via email delivery. Email-compatible HTML cannot support Content-Security-Policy headers, which may explain the missing security headers on the reports subdomain.
FINDING 10: Cloudinary account identifier exposed
Reports reference images from Cloudinary account dttjaxqso. While Cloudinary has reasonable default security, the account identifier could be used to enumerate uploaded assets if resource list access is not explicitly disabled.
FINDING 11: S3 XML error responses not masked
Requesting non-existent paths on the reports domain returns raw S3 XML error responses (<Error><Code>AccessDenied</Code>...<HostId>...</HostId></Error>) including internal request IDs and host identifiers. CloudFront should be configured to return custom error pages rather than proxying S3 error responses.
FINDING 12: No security.txt or vulnerability disclosure policy
/.well-known/security.txt returns a 307 redirect (to auth), not a security contact page. For a financial services product, having a published vulnerability disclosure policy and security contact demonstrates maturity and is increasingly expected by institutional clients.
Summary & Severity Assessment
| # | Finding | Severity | Effort to Fix |
|---|
| 1 | Security-by-obscurity on report URLs | Medium | Medium (signed URLs) |
| 3 | Data segregation claim vs reality | High | High (architecture change) |
| 2 | Predictable URL structure | Medium | Low (UUID paths) |
| 4 | Test/prod commingled | Medium | Low (separate buckets) |
| 5-6 | Missing security headers | Medium | Low (CloudFront/Cloudflare config) |
| 7 | Server stack disclosure | Medium | Low (header stripping) |
| 8 | UI shell pre-auth render | Low | Medium (SSR auth guard) |
| 9-12 | MJML, Cloudinary, S3 errors, security.txt | Low | Low |
The two high-severity findings — unauthenticated report access and the gap between the data segregation claim and the observable architecture — are the ones most likely to surface during institutional client due diligence. Addressing these before scaling the buy-side customer base would be prudent.
