XBOW
@xbow.com
Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://xbow.com/traces
4/ The full technical breakdown is here: xbow.com/blog/gpt-5
August 15, 2025 at 9:33 PM
4/ The full technical breakdown is here: xbow.com/blog/gpt-5
3/ The results speak for themselves:
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
August 15, 2025 at 9:32 PM
3/ The results speak for themselves:
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
2/ OpenAI's own benchmarks were conservative, showing GPT-5 performing comparably to older models in CTF challenges and unable to solve cyber range scenarios unaided.
See Figure 14 from the OpenAI System Card:
See Figure 14 from the OpenAI System Card:
August 15, 2025 at 9:32 PM
2/ OpenAI's own benchmarks were conservative, showing GPT-5 performing comparably to older models in CTF challenges and unable to solve cyber range scenarios unaided.
See Figure 14 from the OpenAI System Card:
See Figure 14 from the OpenAI System Card:
Our previous investors, Konstantine Buhler of Sequoia Capital and Nat Friedman, are participating super pro rata.
We could not wish for better partners in this fight.
This brings the total funding of @xbow.com to $117M, allowing us to move as fast as the problem demands.
We could not wish for better partners in this fight.
This brings the total funding of @xbow.com to $117M, allowing us to move as fast as the problem demands.
June 24, 2025 at 8:05 PM
Our previous investors, Konstantine Buhler of Sequoia Capital and Nat Friedman, are participating super pro rata.
We could not wish for better partners in this fight.
This brings the total funding of @xbow.com to $117M, allowing us to move as fast as the problem demands.
We could not wish for better partners in this fight.
This brings the total funding of @xbow.com to $117M, allowing us to move as fast as the problem demands.
We are thrilled to announce our $75M Series B, led by Apoorv Agrawal of Altimeter Capital.
Bad actors are adopting AI to automate and accelerate attacks.
@xbow.com fights back: AI vs. AI to secure software. Let’s out-hack the hackers.
xbow.com/blog/series-b/
Bad actors are adopting AI to automate and accelerate attacks.
@xbow.com fights back: AI vs. AI to secure software. Let’s out-hack the hackers.
xbow.com/blog/series-b/
XBOW – Taking the Top Hacker in the US to New Heights: XBOW Raises $75M Series B
XBOW has reached a critical milestone: our AI now rivals and surpasses top-tier human hackers.
xbow.com
June 24, 2025 at 8:01 PM
We are thrilled to announce our $75M Series B, led by Apoorv Agrawal of Altimeter Capital.
Bad actors are adopting AI to automate and accelerate attacks.
@xbow.com fights back: AI vs. AI to secure software. Let’s out-hack the hackers.
xbow.com/blog/series-b/
Bad actors are adopting AI to automate and accelerate attacks.
@xbow.com fights back: AI vs. AI to secure software. Let’s out-hack the hackers.
xbow.com/blog/series-b/
Real security is POC || GTFO – and XBOW agrees.
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN
XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application
xbow.com
June 24, 2025 at 7:58 PM
Real security is POC || GTFO – and XBOW agrees.
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.
The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.
xbow.com/blog/xbow-gl...
How did @xbow.com become the top-ranked hacker in the US on HackerOne?
@nicowaisman.bsky.social takes you behind the scenes to show how it all works, from reconnaissance to zero day discovery:
xbow.com/blog/top-1-h...
@nicowaisman.bsky.social takes you behind the scenes to show how it all works, from reconnaissance to zero day discovery:
xbow.com/blog/top-1-h...
XBOW – The road to Top 1: How XBOW did it
For the first time in bug bounty history, an autonomous penetration tester has reached the top spot on the US leaderboard.
xbow.com
June 24, 2025 at 7:56 PM
How did @xbow.com become the top-ranked hacker in the US on HackerOne?
@nicowaisman.bsky.social takes you behind the scenes to show how it all works, from reconnaissance to zero day discovery:
xbow.com/blog/top-1-h...
@nicowaisman.bsky.social takes you behind the scenes to show how it all works, from reconnaissance to zero day discovery:
xbow.com/blog/top-1-h...
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
June 24, 2025 at 7:55 PM
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
In 2025, solving CTFs is table stakes. To prove that AI agents can hack, we need attacks on live production systems.
Earlier this year, @xbow.com became the top hacker in the US on @hacker0x01.bsky.social, outperforming every human participant.
It’s the first time an autonomous system has done so.
Earlier this year, @xbow.com became the top hacker in the US on @hacker0x01.bsky.social, outperforming every human participant.
It’s the first time an autonomous system has done so.
June 24, 2025 at 7:52 PM
In 2025, solving CTFs is table stakes. To prove that AI agents can hack, we need attacks on live production systems.
Earlier this year, @xbow.com became the top hacker in the US on @hacker0x01.bsky.social, outperforming every human participant.
It’s the first time an autonomous system has done so.
Earlier this year, @xbow.com became the top hacker in the US on @hacker0x01.bsky.social, outperforming every human participant.
It’s the first time an autonomous system has done so.