Thread: "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"
1. keisbo+CJ2 2025-06-25 14:54:43
>>summar+(OP)
«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I thought companies specifically deny usage of automated tools. A bit too late, eh…?

2. 8200_u+bV2 2025-06-25 16:01:41
>>keisbo+CJ2
They acknowledge that in the article and all submissions are human reviewed before they are submitted.
3. keisbo+A43 2025-06-25 16:48:44
>>8200_u+bV2
The policy states it’s not allowed to use automated tools, not that it’s not allowed to submit reports using automated tools alone. Human review does not really change that.
4. slt202+Cn3 2025-06-25 18:39:12
>>keisbo+A43
If a human reviewer can repro the bug, there is no difference between an automated and a human-found bug.

The bug works and is repro'd - as a software owner, do you care if a human or an AI found it?
