In September 2025, Akash Saharan focused on backend security enhancements for the QwikDev/qwik repository, addressing a nuanced CSRF vulnerability in Qwik City. He refactored middleware placement and improved URL origin comparison logic to robustly handle protocol-less requests, specifically when the checkOrigin setting is 'lax-proto'. This targeted fix mitigated CSRF risks by ensuring origins without protocols are correctly validated, strengthening endpoint security for edge cases. Working primarily with TypeScript and leveraging his expertise in backend and full stack development, Akash delivered a well-scoped solution that improved the security posture of Qwik City without introducing new features or unnecessary complexity.