Introducing OpenHack.
An Open Source Agentic Security Scanner that hunts and verifies vulnerabilities using open source models exclusively.
Upto 40x cheaper, it is on par with Claude Opus 4.6 on CVE-Bench.
Check it out at openhack.com!
Open source models are the only way forward
- Cannot be banned
- All restrictions can be removed in post training
- Cannot be slowed down / degraded by the big labs
- Self hosted, fully in house inference
Claude Fable 5 literally flags a simple port scan and switches back to Opus. This is why we're building OpenHack and betting hard on open source models.
Introducing OpenHack.
An Open Source Agentic Security Scanner that hunts and verifies vulnerabilities using open source models exclusively.
Upto 40x cheaper, it is on par with Claude Opus 4.6 on CVE-Bench.
Check it out at openhack.com!
Excited to launch OpenHack! 🚀
A fully open source agentic security scanner to hunt and verify security vulnerabilities.
Upto 40x cheaper, it is on par with Claude Opus 4.6 on CVE-Bench for finding logic based vulnerabilities in web apps.
Fun fact: In March 2022, the maintainer of node-ipc deliberately introduced malicious code into versions 10.1.1 and 10.1.2 that would overwrite files with heart emojis (❤️) on systems with IP addresses located in Russia or Belarus. (1/n)
‼️ Another day, another NPM package compromise
node-ipc versions 9.1.6, 9.2.3, and 12.0.1, which together have over 800,000 weekly downloads, were published containing an obfuscated stealer/backdoor in the CommonJS bundle that activates on import.
This was done as a form of protest against Russia's invasion of Ukraine. The destructive code used an IP geolocation service to identify affected users and then overwrote accessible files, permanently deleting their contents. These malicious versions were online for about five
Subsequent versions (11.0.0 and later) included the "peacenotwar" dependency, which dropped text files on users' desktops as a declared form of "non-violent protest". This incident affected major projects including Vue.js framework and Unity 3D gaming engine. The vulnerability
‼️ Another day, another NPM package compromise
node-ipc versions 9.1.6, 9.2.3, and 12.0.1, which together have over 800,000 weekly downloads, were published containing an obfuscated stealer/backdoor in the CommonJS bundle that activates on import.
The malware performs host fingerprinting, enumerates local files, steals credentials including AWS, Azure, GCP keys, SSH private keys, Kubernetes configs, Docker tokens, GitHub CLI tokens, and AI tool configurations, then exfiltrates them via DNS TXT queries and HTTPS POST to
Microsoft surpassed Claude Mythos using their new harness, MDASH (multi-model agentic scanning harness)!
MDASH uses GPT-5.4, Claude Opus 4.6, Sonnet 4.6 and absolutely smashed it on CyberGym.
microsoft.com/en-us/security…
Microsoft just dropped and just surpassed Mythos using Claude Opus 4.6, Sonnet 4.6 and GPT-5.4.
Proof that a great harness goes a really, really long way.