Skip to main content
Alvaro Muñoz

Alvaro Muñoz

Security Researcher | XBOW @ XBOW

LinkedInGitHubX
BlogProduct
Getting to “Should I?"

Getting to “Should I?”, Instead of “Can I?”: How XBOW Finds IDORs With High Accuracy in Ambiguous Contexts

Alvaro Muñoz
ResourceWebinars
200 Zero-Days, Zero False Positives: How XBOW Scales AI Exploitation

200 Zero-Days, Zero False Positives: How XBOW Scales AI Exploitation

Alvaro Muñoz, Brendan Dolan‑Gavitt
BlogAI Research
Tales from the Trace: How Agentic AI Merges Static and Dynamic Testing

Tales from the Trace: How Agentic AI Merges Static and Dynamic Testing

Ray Kelly, Alvaro Muñoz
BlogSecurity Research
Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Alvaro Muñoz
BlogSecurity Research
Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Alvaro Muñoz
BlogSecurity Research
Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Alvaro Muñoz
BlogSecurity Research
XBOW Battles Ninja Tables: Who’s the Real Ninja?

XBOW Battles Ninja Tables: Who’s the Real Ninja?

Alvaro Muñoz