XBOW

@Xbow

Followers: 6K
Following: 33
Media: 32
Statuses: 73

Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://t.co/H9AbW0QIem

Seattle, Washington, USA
Joined May 2007
@Xbow
XBOW
10 days
For the first time in history, the #1 hacker in the US is an AI. (1/8)
31
148
619
@Xbow
XBOW
4 days
Even mature products hide critical flaws – and @XBOW just found another one. CVE-2025-49493: XXE in Akamai CloudTest discovered during our climb to #1 on HackerOne. A complete technical breakdown from an error-based detection to a full exfiltration by @djurado9
7
41
232
@Xbow
XBOW
7 days
XBOW is available for hire to improve your own defenses. As bad actors adopt AI to automate and accelerate their attacks, @XBOW fights back to out-hack the hackers.
1
1
13
@Xbow
XBOW
7 days
The top hacker in the US is not a human, but a machine. @XBOW founder and CEO @oegerikus and @apoorv03 of @altcap joined @BloombergTV this morning to talk about the milestone.
7
16
80
@Xbow
XBOW
10 days
RT @business: Xbow, the startup behind a highly ranked hacking security tool, has raised $75 million
0
10
0
@Xbow
XBOW
10 days
RT @dinabass: One of the top-ranked hackers in the US isn't a person - it's an AI from a company called @Xbow. Founded by former GitHub Cop….
0
10
0
@Xbow
XBOW
10 days
XBOW is now generally available. See it in action → Book a demo with our team.
0
1
45
@Xbow
XBOW
10 days
Our previous investors, @konstantine of Sequoia Capital and @natfriedman, are participating super pro rata. We could not wish for better partners in this fight. This brings the total funding of @XBOW to $117M, allowing us to move as fast as the problem demands.
2
1
45
@Xbow
XBOW
10 days
We are thrilled to announce our $75M Series B, led by @apoorv03 of Altimeter Capital (@altcap). Bad actors are adopting AI to automate and accelerate attacks. @XBOW fights back: AI vs. AI to secure software. Let’s out-hack the hackers.
2
5
68
@Xbow
XBOW
10 days
Real security is POC||GTFO – and XBOW agrees. We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard. The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester .
3
20
62
@Xbow
XBOW
10 days
How did @XBOW become the top-ranked hacker in the US on HackerOne? @nicowaisman takes you behind the scenes to show how it all works, from reconnaissance to zero day discovery:
1
5
70
@Xbow
XBOW
10 days
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale. @XBOW reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
7
16
106
@Xbow
XBOW
10 days
In 2025, solving CTF challenges is table stakes. To prove that AI agents can hack, we need to see real attacks on live production systems. Earlier this year, @XBOW became the top hacker in the United States on @Hacker0x0, outperforming every human participant. It’s the first
4
9
65
@Xbow
XBOW
2 months
RT @BugBountyDEFCON: AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel N….
0
37
0
@Xbow
XBOW
5 months
Watch the full interview here:
0
0
6
@Xbow
XBOW
5 months
Happy birthday, @Xbow! Exactly one year ago we partnered with @Konstantine at @sequoia, bringing the power of AI agents to cybersecurity. Here’s Konstantine summing up our year together, on CNBC.
2
5
39
@Xbow
XBOW
7 months
Just in time for the holidays: how XBOW found an arbitrary file download (CVE-2024-53982) in ZOO-Project, protecting Santa's critical geospatial processing infrastructure from attackers!
2
6
42
@Xbow
XBOW
7 months
65 reports were submitted since September, including 20 critical findings
0
3
64
@Xbow
XBOW
7 months
While developing XBOW over the past three months, we played around with using it for bug bounties and ended up at #11 in the US on HackerOne:
15
29
239
@Xbow
XBOW
7 months
XBOW found a stored XSS vulnerability (CVE-2024-52597) in the migration functionality of 2FAuth by crafting a malicious SVG file with a JavaScript payload! Our latest blog post, by @djurado9, gives the full details:
1
15
67