// security audit — february 2026

Security
Audit

15 of 16 findings resolved · All builds verified · AI-assisted static analysis

3 Critical — Fixed
4 High — Fixed
5 Medium — Fixed
4 Low — Fixed

// official certificate

Audit Certificate

A comprehensive static security analysis was completed on February 23, 2026. All critical and high severity findings were fully remediated before release.

Sentinel Security Audit Certificate
Download Certificate // SVG · February 23, 2026

// findings & remediation

All Findings

Every finding identified during the audit, its severity classification, and current status.

ID Severity Finding Category Status
CRIT-1 CRITICAL Shell injection in killProcess via admin escalation Injection ✓ Fixed
CRIT-2 CRITICAL Shell injection in findProcesses via device path Injection ✓ Fixed
CRIT-3 CRITICAL Shell injection in getCodeSigningInfo Injection ✓ Fixed
HIGH-1 HIGH getProcessStats / getProcessOwner via runShell Injection ✓ Fixed
HIGH-2 HIGH nettop invoked via shell interpolation Injection ✓ Fixed
HIGH-3 HIGH Menu bar bypasses App Lock — sensitive data exposed Access Control ✓ Fixed
HIGH-4 HIGH Security config stored in UserDefaults (world-readable) Data Storage ✓ Fixed
MED-1 MEDIUM ShellExecutor timeout parameter never enforced Reliability ✓ Fixed
MED-2 MEDIUM Camera/mic attribution uses last-foreground-app heuristic Attribution ⚠ Accepted
MED-3 MEDIUM Notification action handler memory leak (stale entries) Memory ✓ Fixed
MED-4 MEDIUM @unchecked Sendable — unsound concurrency on NotificationManager Concurrency ✓ Fixed
MED-5 MEDIUM Unbounded hostname and DNS cache growth Memory ✓ Fixed
LOW-1 LOW fatalError in CoreData init crashes app on store failure Reliability ✓ Fixed
LOW-2 LOW chmod 644 makes BPF devices world-readable Permissions ✓ Fixed
LOW-3 LOW LAContext errors silently swallowed in App Lock Auth ✓ Fixed
LOW-4 LOW print() used for security events — no persistent log Logging ✓ Fixed

// remediation impact

Risk Profile — Before & After

Shell Injection 3 critical vectors Eliminated
Data Storage UserDefaults (exposed) Keychain (hardware-backed)
Access Control Menu bar bypassed lock Fully enforced
Concurrency Manual NSLock + @unchecked Actor-isolated
Error Handling fatalError / silent fails Graceful + os_log
Resource Limits Unbounded caches, no timeouts Capped + enforced

// methodology

How We Audited

The audit was performed as a comprehensive static code analysis of the full Sentinel codebase, covering all Swift source files. No dynamic analysis or fuzzing was performed.

Findings were prioritised by exploitability and blast radius. Each fix was compiled and verified with xcodebuild after every batch to prevent regressions. All 16 batches produced clean builds.

// Auditor: Claude Code — Anthropic AI-assisted static analysis
// Date: February 23, 2026 · Platform: macOS Darwin 25.2
// Build verification: xcodebuild -scheme Sentinel -configuration Debug build
// Result: BUILD SUCCEEDED — all batches