zlacker

Thread: "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"
1. teclea+Dt 2025-06-24 18:41:13
>>summar+(OP)
First:

> To bridge that gap, we started dogfooding XBOW in public and private bug bounty programs hosted on HackerOne. We treated it like any external researcher would: no shortcuts, no internal knowledge—just XBOW, running on its own.

Is it dogfooding if you're not doing it to yourself? I'd consider it dogfooding only if they were flooding themselves in AI-generated bug reports, not other people. They're not the ones reviewing them.

Also, honest question: what does "best" mean here? The one that has sent the most reports?

2. jamess+Wv 2025-06-24 18:51:04
>>teclea+Dt
Their success rates on HackerOne seem to vary widely.

  22/24 (Valid / Closed) for Walt Disney

  3/43 (Valid / Closed) for AT&T
3. pclmul+iO 2025-06-24 20:27:38
>>jamess+Wv
Walt Disney doesn't pay bug bounties. AT&T's bounties go up to $5k, which is decent but still not much. It's possible that the market for bugs is efficient.