Ewan Mellor
@ewanmellor.org
Research engineer at XBOW.
Reposted by Ewan Mellor
AI-enabled attackers have already accelerated.

The question: can your offensive security match their speed?

Next week at Black Hat Europe, we’re showing how autonomous offense closes the security scale gap with human-level testing in hours.

Let us show you how @ booth #215
December 5, 2025 at 1:13 PM
Reposted by Ewan Mellor
Are you looking to do more astronomy in the coming year? Astronomy is all about resolution(s)!! Join Astro Everywhere at the Parkside Library on January 7th.

sfpl.org/events/2026/...
Presentation: Stargazing | San Francisco Public Library
Astro Everywhere will give a short presentation about the solar system and stars in the sky. Look through a telescope to see planets, such as Saturn and Jupiter, "up close".
sfpl.org
December 4, 2025 at 3:59 AM
Reposted by Ewan Mellor
Pentests that take weeks can’t secure software that changes daily.

XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.

xbow.com/pentest
December 3, 2025 at 7:56 PM
Reposted by Ewan Mellor
It's been about six months since AE really took off as a business, and in that time we have now presented to more than 2000 people in our dome and other presentation spaces and about 700 people have been able to engage with our telescopes and other activities!

Here's to even more in the future!
November 20, 2025 at 6:24 PM
Reposted by Ewan Mellor
Episode 23: War Stories with Brendan Dolan-Gavitt (XBOW)!

@tib3rius.bsky.social & @swiftsecur.bsky.social are joined by @moyix.net who shares some AI and human war stories with us!

Links below!
November 7, 2025 at 3:03 PM
Reposted by Ewan Mellor
What a weekend! From the Bay Area Science Festival at Mission Bay to the outer Sunset for the Great Hauntway, Astro Everywhere has been EVERYWHERE across SF. Anyone in North Beach need a telescope night?
October 27, 2025 at 2:30 AM
Reposted by Ewan Mellor
Dutch late night TV has its take
September 19, 2025 at 2:39 PM
Reposted by Ewan Mellor
1/ XBOW Unleashes GPT-5's Hidden Hacking Power.

OpenAI's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.

More on what we found: 🧵
August 15, 2025 at 9:31 PM
Reposted by Ewan Mellor
See autonomous pentesting live at #BlackHat!

Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulns—fast.

📍 Booth 3257
August 1, 2025 at 5:00 PM
Number 1 💃🕺🎉
xbow.com XBOW @xbow.com · Jul 31
XBOW is now the #1 hacker on HackerOne, globally.

For the first time, our autonomous AI pentester tops the worldwide leaderboard.

Next week at #BlackHat, we’re taking it live:
We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities.

📍 Booth 3257
August 1, 2025 at 2:11 AM
Reposted by Ewan Mellor
The trick to how it did it is in this post: xbow.com/blog/xbow-ti... Some details below...
XBOW – Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle
A complete arbitrary local file read vulnerability achieved through an ingenious byte-by-byte exfiltration technique.
xbow.com
July 28, 2025 at 10:10 PM
Reposted by Ewan Mellor
False positives waste your time.
False negatives cost you breaches.

At @BlackHatEvents, @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.

📍Aug 7 | 11:20am
July 28, 2025 at 3:02 PM
Reposted by Ewan Mellor
From SSRF discovery to RCE exploitation in 32 iterations.

XBOW systematically analyzed TiTiler's expression parser, discovered Python execution through error patterns, then crafted payloads using subclass traversal to achieve command execution.

Complete analysis: bit.ly/46XzOiA
XBOW – Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution
A methodical analysis of TiTiler's API endpoints and its expression parser, leading to arbitrary Python code execution on the server.
bit.ly
July 24, 2025 at 2:18 PM
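The post above mentions "subclass traversal" as the step from Python expression evaluation to command execution. As an added example (generic illustration code, not TiTiler's parser and not XBOW's payload; the band names, values and the `eval()`-based evaluator are constructed stand-ins), the block below shows the technique against a minimal band-expression evaluator that strips `__builtins__` and still loses, alongside an AST-whitelist evaluator that rejects the same payload before anything is evaluated. The probe only retrieves the `os.system` function object and never calls it.

```python
"""Added example: a minimal 'band expression' evaluator of the kind the
post describes, once written with eval() (exploitable by subclass
traversal) and once as an AST whitelist. Generic illustration code, not
TiTiler's parser or XBOW's payload; band names and values are constructed."""
import ast
import operator

# Constructed sample pixel values for two bands (hypothetical).
BANDS = {"b1": 10.0, "b2": 4.0}


def eval_unsafe(expr, bands=BANDS):
    """Hypothetical vulnerable evaluator.

    Stripping __builtins__ is not a sandbox: attribute access on any
    literal still reaches object.__subclasses__(), and from there the
    globals of every module the interpreter has already loaded.
    """
    return eval(expr, {"__builtins__": {}}, dict(bands))


# Subclass traversal: walk object's subclass list for os._wrap_close (a
# plain Python class defined in os.py), then read os.system out of the
# globals of its __init__.  The probe fetches the function object only;
# it never invokes it.
PROBE = (
    "[c for c in ().__class__.__base__.__subclasses__() "
    "if c.__name__ == '_wrap_close'][0].__init__.__globals__['system']"
)

# Pow is deliberately left out: "2 ** 10**9" is a denial of service.
_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}
_UNOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}


def eval_safe(expr, bands=BANDS):
    """Whitelist evaluator: numeric literals, band names and arithmetic only.

    Anything else in the AST (attributes, calls, subscripts, comprehensions)
    is rejected before evaluation, so there is no object graph to traverse.
    """
    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if (isinstance(node, ast.Constant)
                and isinstance(node.value, (int, float))
                and not isinstance(node.value, bool)):
            return node.value
        if isinstance(node, ast.Name) and node.id in bands:
            return bands[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            return _BINOPS[type(node.op)](walk(node.left), walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNOPS:
            return _UNOPS[type(node.op)](walk(node.operand))
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(ast.parse(expr, mode="eval"))


def escape_reachable(evaluator):
    """True if the evaluator hands back a callable named 'system' for PROBE."""
    try:
        result = evaluator(PROBE)
    except (ValueError, SyntaxError):
        return False
    return callable(result) and getattr(result, "__name__", "") == "system"


if __name__ == "__main__":
    ndvi = "(b1 - b2) / (b1 + b2)"
    print(eval_unsafe(ndvi), eval_safe(ndvi))   # identical arithmetic result
    print(escape_reachable(eval_unsafe))       # True: os.system is reachable
    print(escape_reachable(eval_safe))         # False: rejected at parse time
```

The point of the whitelist is that it enumerates what is allowed rather than what is forbidden: a blocklist on `__` or on specific names would still have to anticipate every route through `__subclasses__()`, whereas the AST walker never evaluates an `Attribute`, `Subscript` or `Call` node at all.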
Reposted by Ewan Mellor
Even mature products hide critical flaws – and @xbow.com just found another one.

CVE-2025-49493: XXE in Akamai CloudTest discovered during its climb to #1 on HackerOne.

A complete technical breakdown from an error-based detection to a full exfiltration by Diego Jurado: xbow.com/blog/xbow-ak...
XBOW – CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest
When XBOW met Akamai: a walkthrough of discovering and exploiting an XML External Entity vulnerability (CVE-2025-49493) in a widely-deployed application.
xbow.com
June 30, 2025 at 7:42 PM
XBOW is now generally available 🎉
xbow.com XBOW @xbow.com · Jun 24
For the first time in history, the #1 hacker in the US is an AI.

(1/8)
June 24, 2025 at 8:10 PM
Reposted by Ewan Mellor
Do you want to work at the cutting edge of AI and cybersecurity?

XBOW now has 8 positions open across Product Marketing, Operations, Customer Success, and Engineering.

Check out all the details here: jobs.ashbyhq.com/xbowcareers.
May 28, 2025 at 5:20 PM
Reposted by Ewan Mellor
XBOW is growing and we're looking for talented folks to join us! Apply here: jobs.ashbyhq.com/xbowcareers
April 24, 2025 at 3:52 PM
Reposted by Ewan Mellor
Hey! 👋 In ~2 months, I'm presenting a research project at Node Congress that compiles JVM bytecode to WebAssembly, letting you import Java functions in JavaScript. 😈 This'll allow existing Java code to run in the browser and new JS runtimes like Cloudflare Workers... 🙈 gitnation.com/badges/node-...
Check out my badge & claim your free Node Congress 2025 remote ticket!
Join 5k engineers worldwide at Node Congress 2025 and meet 15+ top speakers at April 17 - 18, 2025
gitnation.com
February 23, 2025 at 5:10 PM
Reposted by Ewan Mellor
We discover 119 vulnerabilities in LTE/5G core infrastructure, each of which can result in persistent denial of cell service to an entire metropolitan area or city and some of which can be used to remotely compromise and access the cellular core.
https://cellularsecurity.org/ransacked
February 20, 2025 at 2:10 AM
Reposted by Ewan Mellor
@xbow.com has been busy in the first few weeks of 2025 – our agent has autonomously found 106 vulnerabilities in OSS projects, and we've reported 72 so far! Amazing work by @nicowaisman.bsky.social and the security team triaging these and getting them into the disclosure->fix pipeline!
February 6, 2025 at 6:55 PM
Reposted by Ewan Mellor
Happy birthday, @xbow.com! Exactly one year ago we partnered with Konstantine at Sequoia, bringing the power of AI agents to cybersecurity. Here’s Konstantine summing up our year together, on CNBC. www.youtube.com/watch?v=jieB...
Watch CNBC's full interview with Sequoia Capital partner Konstantine Buhler
YouTube video by CNBC Television
www.youtube.com
January 29, 2025 at 6:09 PM
Aww, GitHub...
January 14, 2025 at 12:06 AM
Reposted by Ewan Mellor
mitmproxy 11.1 is out! 🥳

We now support *Local Capture Mode* on Windows, macOS, and - new - Linux! This allows users to intercept local applications even if they don't have proxy settings.

More details are at mitmproxy.org/posts/local-.... Super proud of this team effort. 😃
Intercepting Linux Applications
mitmproxy.org
January 12, 2025 at 1:59 PM
Reposted by Ewan Mellor
An AI ranked #11 on the largest bug bounty platform 😮

Congrats to the @xbow.com team, that's impressive 👏
xbow.com XBOW @xbow.com · Dec 17
While developing XBOW over the past three months, we played around with using it for bug bounties and ended up at #11 in the US on HackerOne:
December 17, 2024 at 8:53 PM
Reposted by Ewan Mellor
At this point, anyone who tries to say that AI can't replace at least _some_ human expertise is clearly and obviously moving the goalposts. Between this and stuff I've seen coming from folks at @dreadnode.bsky.social I am now 100% convinced that "AI red teamers" are a when-not-if thing.
xbow.com XBOW @xbow.com · Dec 17
While developing XBOW over the past three months, we played around with using it for bug bounties and ended up at #11 in the US on HackerOne:
December 18, 2024 at 7:11 PM