XBOW, an autonomous penetration tester, has reached the top spot on HackerOne
1. ryandr+yn 2025-06-24 18:09:58
>>summar+(OP)
Receiving hundreds of AI-generated bug reports would be so demoralizing and probably turn me off from maintaining an open source project forever. I think developers are going to eventually need tools to filter out slop. If you didn’t take the time to write it, why should I take the time to read it?
2. moyix+OC 2025-06-24 19:22:31
>>ryandr+yn
All of these reports came with executable proof of the vulnerabilities – otherwise, as you say, you get flooded with hallucinated junk like the poor curl dev. This is one of the things that makes offensive security an actually good use case for AI – exploits serve as hard evidence that the LLM can't fake.
3. eeeeee+Ah2 2025-06-25 12:06:28
>>moyix+OC
Is "proof of vulnerability" a marketing term, or do you actually claim that XBOW has a 0% false positive rate? (i.e. "all" reports come with a PoV, and this PoV "proves" there is a vulnerability?)