Hacktron AI
134 posts
Hacktron AI
@HacktronAI
Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
Latent Space
hacktron.ai
Joined April 2025
10 Following
3,848 Followers
  • Pinned
    Hacktron AI
    @HacktronAI
    Apr 28
    Introducing Hacktron Review: an AI security reviewer for your pull requests. It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production. Try for free: app.hacktron.ai
    47K
  • Hacktron AI
    @HacktronAI
    Jun 18
    Introducing the Hacktron MCP. Give Claude Code, Codex, or Cursor a PR URL. With the Hacktron MCP, it will fetch the relevant security findings, write the fixes, and update Hacktron when the issue is resolved. All done before your coffee gets cold.
    4.9K
  • Hacktron AI reposted
    Harsh Jaiswal
    @rootxharsh
    Jun 12
    RCE in Warp Terminal! I believe the attack surface is broadening with every new tool you use. Every OAuth app you authorise with elevated scopes.. we'd see more breaches via targeting tools/SaaS.. the attack surface is everyone and everything now - hacktron.ai/blog/the-attac…
    3.4K
  • Hacktron AI reposted
    s1r1us (mohan)
    @S1r1u5_
    Jun 12
    Replying to @S1r1u5_
    warp also supports this escape sequence, but unlike iTerm, its inline=0 path handling lets attacker-controlled terminal output write attacker-controlled content into attacker-controlled locations. so @HacktronAI found this arb file write. source:
    warp/app/src/terminal/model/terminal_model.rs at bc3fffa7e57dae20b1878a1aa74e9f003d0617ce ·...
    From github.com
    1.1K
  • Hacktron AI
    @HacktronAI
    Jun 12
    👀
    Julio 🏴‍☠️
    @juliocfa_
    Jun 11
    Replying to @S1r1u5_
    Really hope more people get to try Hacktron. You guys are doing great so far and I love the open source initiative
    Open Source Program
    From hacktron.ai
    617
  • Hacktron AI reposted
    s1r1us (mohan)
    @S1r1u5_
    Jun 5
    So @Doyensec recently published a report comparing @Xbow and @AikidoSecurity, two AI pentest platforms. I figured, why not run @HacktronAI on the same test? So I ran a pentest on one of the targets. Hacktron cost $350, while XBOW and Aikido cost $4,000 each. We did pretty well!
    15K
  • Hacktron AI
    @HacktronAI
    Jun 1
    Introducing Hacktron Whitebox: get white-box security assessments with audit-ready reports without waiting on a traditional pentest cycle. AI has roughly tripled the rate of code shipped in the past year. But penetration testing has not kept pace, often taking weeks to months.
    11K
    Hacktron AI
    @HacktronAI
    Jun 1
    Replying to @HacktronAI
    The outcome: a faster, more cost-effective security assessment that does not compromise on quality. This is not just checkbox compliance. Hacktron Whitebox helps teams generate evidence for SOC 2 and ISO 27001, while giving engineers valuable, actionable findings they can fix.
    682
    Hacktron AI
    @HacktronAI
    Jun 1
    Find out more:
    AI White-box Penetration Testing as a Service
    From hacktron.ai
    508
  • Hacktron AI reposted
    zayne (zeyu) zhang
    @zeyu1337
    May 28
    Nice overview of the vulnerability discovery landscape! Very proud of the work we've done at @HacktronAI, as well as that of our peers at Anthropic and AISLE. AI has sped up vulnerability discovery, but coverage and signal remain important metrics we optimize for.
    Corban Villa
    @corban_villa
    May 27
    Agents are finding more vulnerabilities than ever. But it turns out there are gaps in existing vulnerability discovery. Over the past 90 days vs. a year ago, web vulnerabilities (XSS/SQLi/CSRF) are down 66% and memory safety exploitability is down 3.5x. We built the Agentic
    2.2K
  • Hacktron AI reposted
    Corban Villa
    @corban_villa
    May 27
    Replying to @corban_villa
    Who's finding what? @AnthropicAI owns critical count. @HacktronAI leads on severity + exploitability. AISLE covers the most CWE types. There’s no clear overall winner.
    13K
  • Hacktron AI
    @HacktronAI
    May 25
    Hacktron Review plugs into your pull requests and catches exploitable vulnerabilities other scanners walk straight past. Find real security issues within 24 hours of onboarding. Try it free → hacktron.ai
    2.4K
  • Hacktron AI reposted
    Harsh Jaiswal
    @rootxharsh
    May 20
    When Your VPN Opens Your Private Network to the Public! An auth bypass in Palo Alto PAN-OS CAS Auth (CVE-2026-0265) that lets an attacker connect to the company's GlobalProtect VPN. Blog -
    When Your VPN Opens Your Private Network to the Public
    From hacktron.ai
    119K
  • Hacktron AI
    @HacktronAI
    May 20
    what can go wrong?
    Harsh Jaiswal
    @rootxharsh
    May 14
    This is a critical auth bypass (affecting GlobalProtect VPN), not sure why this was marked as high. I have already managed to get VPN access to major corps! Unlike the buffer overflow this isn't limited to PAN OS. Will be disclosing full details later next week on @HacktronAI
    16K
  • Hacktron AI
    @HacktronAI
    May 15
    Check out our security work on Next.js. We’re also offering free security scans for open source projects. Apply here:
    Harsh Jaiswal
    @rootxharsh
    May 15
    Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI. CVE-2026-44578: SSRF via WebSocket upgrade. It is the most impactful of all; it lets an attacker read internal hosts such as cloud metadata endpoints on self-hosted next.js applications.
    hacktron.ai
    Hacktron Review for Open Source
    We are opening up Hacktron Review for Open Source, giving qualifying maintainers free PR security reviews with inline findings, auto-resolution, and project-specific learning.
    2.5K
