Red Team Lab

Security Lab


We create a safer online environment for people in repressive contexts by making the tools they use more secure.

What we do

We fund security audits for internet freedom projects.

Get a free audit

Do you want to strengthen the security of your internet freedom tool? Security Lab matches internet freedom projects with trusted, expert security partners. We fund short-term support for: 

  • software security audits 
  • expert help with tackling known security issues
  • security architecture and design reviews

Apply Now

You can also apply on behalf of a project that is not your own by contacting Security Lab directly.

We conduct public safety audits of state-sponsored apps.

Repressive governments worldwide often use software or mobile apps to surveil citizens or reduce their ability to communicate safely. We conduct public safety audits of potentially harmful software created by, associated with, or sponsored by governments.

If you’re concerned about the safety of citizens using a state-sponsored tool, you can let us know here.

Our Work

We aim to strengthen the internet freedom ecosystem and empower the people behind the tools. That’s why we publish the results of our audits on an open-source basis. Some examples:

You can check out additional work here.

Strengthening the security of tools critical to the internet freedom ecosystem.

How to Apply

If you’d like support from Security Lab for your internet freedom tool, complete our simple online application form. You can also use the form to recommend potentially harmful software for a public safety audit. 

We accept applications on a rolling basis.

Am I eligible for support?

If your tool contributes to internet freedom anywhere in the world, we’d love to hear from you. Projects previously funded by OTF are welcome, and we’re always looking to grow our community with new projects. Please read about our mission and values before applying to make sure we’re a good fit.

You can also recommend a project that you think would benefit from lab support, even if it’s not your own. In this case, please contact us directly.

Apply now

Our security partners


0xche conducts security engagements for civil society organizations and specializes in the Latin America region. They focus on reverse engineering and penetration testing of applications (web, mobile, and desktop), networks, and physical devices. 0xche also conducts vulnerability assessments, technical research, training, and source code audits for civil society organizations.


7ASecurity looks forward to helping OTF Security Lab applicants with assessments tailored to their threat model and needs. They welcome requests from those looking to secure their web, mobile, and desktop applications, as well as cloud/infrastructure, servers, threat models and supply chains. Prior public pentest reports can be found here and testimonials here.


Assured is a Swedish security consultancy that specializes in a wide range of services, including penetration testing and security assessments for web and mobile applications, IT/OT/cloud infrastructure, Active Directory environments, IoT devices, and embedded and automotive systems. Their expertise also includes adversary simulation and assessing a project’s detect-and-respond capabilities. Prior public pentest reports can be found here.

Atredis Partners

Atredis Partners is an employee-owned company made up of some of the best hackers and security researchers in the United States and Canada. They do advanced, research-driven penetration testing on a wide range of targets, from mobile to embedded to complex applications and cloud services, and advise their clients on emerging threats and complex information risk. Prior samples of work can be found here.

Convocation Research & Design

Convocation Research & Design (CoRD Labs) is a research, policy, and investigative think tank working at the intersections of cybersecurity, design, and human rights. CoRD welcomes requests for security-by-design reviews (early-stage assessments), public safety audits, application security review, and pentesting.

David & Pablo

David & Pablo are digital protection experts with a combined 35 years of supporting civil society in the Americas region with their expertise in information technology, database development, open-source solutions, and secure encrypted servers. They provide expert guidance on digital security best practices, risk analysis and mitigation through organizational digital security audits, institutional policies and open-source IT infrastructure. They also audit mobile and web applications to assess security and privacy vulnerabilities.

Include Security

Include Security is an offensive assessment consultancy focused on technical assessments and pentesting. They can hack almost any technology in 38 programming languages, primarily across software, hardware, cloud, and infrastructure security assessments. They’ve loved working with OTF since 2016 to help open technologies that promote the core tenets of online freedom.


Interlab is a non-profit organization based in Seoul with a mission to create a resilient digital safety net for the freedom of citizens through research on cyber threats toward civic society. They’re looking forward to reviewing requests for public safety audits with a focus on the Southeast Asia region.

Radically Open Security

Radically Open Security performs code audits, penetration tests (web and mobile), cryptographic audits, systems and networks audits, organizational and operational security training, and provides detailed reports on findings alongside recommended solutions.


Spirula has expertise in pentesting websites and mobile applications and specializes in projects focused on the SWANA region. They aim to holistically consider software health by analyzing code security, stability, and agility, while considering the legal, social, and political aspects of where projects are deployed.


SRLabs is a hacking and security think tank based in Berlin. Their team’s expertise covers everything from encryption, (mobile & web) application hacking, fuzzing, and code review to organizational security. They even have expertise in blockchain code audits! SRLabs’ hacking research can be found here.


Subgraph is a Montreal-based security company that builds open-source security software and provides security consulting services, including application security review and penetration testing. Subgraph has been an OTF grantee itself with Subgraph OS and is excited to support other OTF projects. More information can be found here.