AI Trading Platform: Security Audit & Major System Updates
What’s New Since Our Optimization Breakthrough?
In our last post, we celebrated reaching a 2.77 Profit Factor through careful stop-loss optimization. Now we’ve taken a step back to audit the entire platform from top to bottom.
The result? One critical security fix, several accessibility improvements, and some interesting live statistics from over 33,000 analyzed trades.
The Audit Process
We conducted a full review of:
- Core trading functions and ML models
- Database and data flow
- Flask API endpoints
- Frontend HTML/CSS/JS
- Test coverage (20/20 tests passing
)
Let’s walk through what we found and fixed.
1. Critical Security Fix
The Problem: Unsafe Model Loading
Our Transformer model was loading saved checkpoints with weights_only=False. This setting allows arbitrary code execution through Python’s pickle deserialization.
Why is this dangerous? If someone replaces your model file with a malicious one, it could run any code when loaded. This is a known vulnerability (OWASP A08:2021 - Software and Data Integrity Failures).
The Fix
# Before (VULNERABLE)
checkpoint = torch.load(model_path, weights_only=False)
# After (SECURE)
checkpoint = torch.load(model_path, weights_only=True)
Key lesson: Always use weights_only=True when loading PyTorch models. It prevents code injection attacks.
2. Live Platform Statistics
Here’s what our platform has learned from real market data:
Overall Numbers
| Metric | Value |
|---|---|
| Total Trades Analyzed | 33,465 |
| Winning Trades | 3,943 |
| Overall Win Rate | 11.8% |
| Average AI Confidence | 57.9% |
| Average Result | +0.26% |
| Winning Patterns Found | 8 |
| Confidence Weights Learned | 180 |
Breakdown by Asset Type
| Asset Type | Trades | Wins | Win Rate |
|---|---|---|---|
| USA Stocks | 19,210 | 2,490 | 13.0% |
| Asia Stocks | 5,317 | 566 | 10.6% |
| Crypto | 4,440 | 469 | 10.6% |
| Commodities | 1,762 | 195 | 11.1% |
| Stock (General) | 1,840 | 161 | 8.8% |
| Indices | 895 | 62 | 6.9% |
| Forex | 1 | 0 | 0.0% |
Key insight: USA stocks show the highest win rate at 13%. Indices are the hardest to predict at 6.9%.
3. Neural Network Architecture
Our platform uses two neural networks working together:
LSTM Model (Original)
| Parameter | Value |
|---|---|
| Input Features | 28 |
| Hidden Size | 128 |
| Layers | 2 |
| Total Parameters | 363,778 |
| Model File Size | 4.3 MB |
Transformer Model (Newer)
| Parameter | Value |
|---|---|
| Input Features | 35 |
| d_model (hidden) | 128 |
| Attention Heads | 8 |
| Layers | 4 |
| Total Parameters | 545,281 |
| Model File Size | 6.5 MB |
The Transformer uses 7 additional “discriminating” features designed to separate winners from losers:
- Trend strength score — ADX × |DI difference|
- Momentum alignment — MACD + RSI agreement
- Extreme indicator — RSI < 30 or > 70
- Volume surge — Volume ratio above normal
- Ichimoku-MACD alignment — Multi-indicator confirmation
- Stochastic-RSI agreement — Both oscillators aligned
- DI crossover strength — Direction of trend
4. System Architecture Diagram
The diagram below shows how data flows through our platform: market data enters from the left, gets processed through indicator calculations and feature extraction, then feeds into our dual neural network layer (LSTM + Transformer). The models generate trading signals that are validated by the backtester, stored in our database, and exposed via the Flask API.
5. What We Learned About Indicator Performance
The platform tracks which indicators perform best. All indicators have learned weights of 2.5 across timeframes, with hundreds of thousands of samples each:
| Indicator | Timeframe | Samples |
|---|---|---|
| RSI | 1h | 358,168 |
| MACD | 1h | 358,168 |
| Bollinger | 1h | 358,168 |
| MA Trend | 1h | 358,168 |
| Ichimoku | 1h | 358,168 |
| RSI | 4h | 337,977 |
| MACD | 4h | 337,977 |
| RSI | 1d | 51,654 |
Key finding: The 1-hour and 4-hour timeframes have the most data. Daily timeframes have fewer samples but remain useful.
6. Changes Summary
| File | What Changed |
|---|---|
transformer_trader.py | Security fix: weights_only=True |
database.py | Fixed deprecated SQLAlchemy import |
index.html | SEO, Schema.org, accessibility, mobile |
7. What Comes Next
Based on this audit, here are our priorities:
Short Term
- Add API authentication (JWT tokens)
- Implement Redis caching for market data
- Add PWA support for mobile apps
Medium Term
- Cross-validation for model training
- Model versioning with rollback
- End-to-end integration tests
Long Term
- Real-time WebSocket updates
- Multi-strategy portfolio management
- Risk management dashboard
Conclusion
This audit found one critical security issue that we fixed immediately. We also improved accessibility for all users and collected insights from 33,000+ trades.
The platform is now more secure, more accessible, and continues to learn from every trade it analyzes.
Remember: USA stocks show the best win rate (13%), and the Transformer model with its 35 features provides better discrimination than the LSTM alone.
Security and accessibility aren’t optional features—they’re the foundation of any serious trading platform.
Important: The AI Trading Platform is an internal research project operated exclusively by ABXK.AI. It is not publicly accessible and cannot be used by visitors.
Any results, insights, or examples shared on this website or on social media are provided for informational and educational purposes only and do not constitute financial advice.