It's been a busy year! This year we:

• Hosted the 14th annual Crack Me If You Can (CMIYC) contest at DEF CON as well as sponsored and staffed the Password Village.
• Led the planning and delivery of CyberConVA 2024.
• Delivered a wide variety of penetration tests, security assessments, third-party risk reviews (2000 over the past 4 years), and password recovery service engagements. Our penetration tests have ranged from firmware to APIs, network and web application, and from product security to critical infrastructure.
• Deployed a KoreLogic-hosted LLM to support AI vulnerability research, secure document generation, and to facilitate studies into preventing AI data leakage.
• Continued our LLM Penetration Testing and Vulnerability Research - multiple vulnerabilities have been identified and the advisories have been submitted to vendors.
• Developed best practices for data filtering and data leakage detection when using a cloud-based LLM API.
• Refined our GenAI system assessment and testing methods.
• Obtained our CVE Numbering Authority (CNA) status to facilitate our growing vulnerability research and disclosure efforts: https://www.cve.org/Media/News/item/news/2024/06/25/KoreLogic-Added-as-CNA
• Published 12 vulnerability advisories using our responsible disclosure process, See https://korelogic.com/advisories.html
• Earned the ISO 27001:2022 certification that demonstrates our commitment and ability to protect our clients' information.
• Increased our staff of talented and dedicated security consultants.

Without our clients and employees, there is no KoreLogic. We are thankful for them, and wish them (and all of you) continued success and prosperity in the year ahead!