XBOW Blog

XBOW Blog https://website-xbow.vercel.app//blog Latest posts from the XBOW blog en-us AI Pentesting Tools vs Automated Vulnerability Scanners https://website-xbow.vercel.app//blog/ai-pentesting-vs-vulnerability-scanners https://website-xbow.vercel.app//blog/ai-pentesting-vs-vulnerability-scanners AI pentesting goes beyond automated vulnerability scanning by proving which vulnerabilities are actually exploitable, dramatically reducing false positives and delivering more accurate, actionable security findings. Thu, 18 Jun 2026 12:00:00 GMT XBOW Team Offensive Security Academy Enterprise Application Pentesting Best Practices: A Guide for Large-Scale Security Teams https://website-xbow.vercel.app//blog/ai-pentesting-enterprise-large-security-teams https://website-xbow.vercel.app//blog/ai-pentesting-enterprise-large-security-teams Enterprise pentesting requires continuous, validated testing that scales with changing applications, helping security teams prioritize real risk, accelerate remediation, and maintain coverage across complex environments. Fri, 12 Jun 2026 12:00:00 GMT XBOW Team Offensive Security Academy How CISOs Can Close the AI Security Gap Before It Widens: A Practical Framework https://website-xbow.vercel.app//blog/how-cisos-can-close-the-ai-security-gap https://website-xbow.vercel.app//blog/how-cisos-can-close-the-ai-security-gap AI is helping attackers move faster, not differently. Learn the practical steps CISOs can take now to strengthen security fundamentals, accelerate remediation, and prepare for AI-driven threats. Tue, 09 Jun 2026 12:00:00 GMT Suzanne Ciccone Security Research GPT-5.5 and XBOW: A Step Change in Autonomous Application Security https://website-xbow.vercel.app//blog/gpt-5-5-and-xbow-a-step-change-in-autonomous-application-security https://website-xbow.vercel.app//blog/gpt-5-5-and-xbow-a-step-change-in-autonomous-application-security The most efficient vulnerability discovery model we’ve ever tested is now part of XBOW. Wed, 03 Jun 2026 12:00:00 GMT Christopher Ford AI Research Mythos and GPT-5.5 Will Find a Lot of Vulnerabilities. Is That Enough? https://website-xbow.vercel.app//blog/mythos-gpt-5-5-ai-vulnerability-detection-security https://website-xbow.vercel.app//blog/mythos-gpt-5-5-ai-vulnerability-detection-security Frontier AI models like Mythos and GPT-5.5 can uncover real vulnerabilities, but enterprise-ready offensive security requires much more than finding bugs, including coverage, validation, safety, governance, and operational integration. Tue, 02 Jun 2026 12:00:00 GMT Suzanne Ciccone AI Research Getting to “Should I?”, Instead of “Can I?”: How XBOW Finds IDORs With High Accuracy in Ambiguous Contexts https://website-xbow.vercel.app//blog/xbow-finds-idors-high-accuracy-ambiguous-context https://website-xbow.vercel.app//blog/xbow-finds-idors-high-accuracy-ambiguous-context By understanding expected access patterns before testing them, XBOW brings context-aware reasoning to complex authorization issues. Thu, 28 May 2026 12:00:00 GMT Alvaro Muñoz Product Ethical Considerations in AI-Driven Penetration Testing: A Governance Framework for Security Teams https://website-xbow.vercel.app//blog/ethical-considerations-ai-pentesting https://website-xbow.vercel.app//blog/ethical-considerations-ai-pentesting AI-driven pentesting introduces new governance challenges around authorization, accountability, privacy, and explainability, requiring security teams to pair autonomous testing with enforceable controls, validated findings, and human oversight. Fri, 22 May 2026 12:00:00 GMT XBOW Team Offensive Security Academy Dead.Letter (CVE-2026-45185) How XBOW Found an Unauthenticated RCE on Exim https://website-xbow.vercel.app//blog/dead-letter-cve-2026-45185-xbow-found-rce-exim https://website-xbow.vercel.app//blog/dead-letter-cve-2026-45185-xbow-found-rce-exim XBOW discovered CVE-2026-45185, a critical unauthenticated RCE in Exim, and used the disclosure window to test how far human and autonomous exploit development could go. Tue, 12 May 2026 14:00:00 GMT Federico Kirschbaum Andres Luksenberg Security Research Mythos for Offensive Security: XBOW's Evaluation https://website-xbow.vercel.app//blog/mythos-offensive-security-xbow-evaluation https://website-xbow.vercel.app//blog/mythos-offensive-security-xbow-evaluation We received early access to Mythos Preview for early capability testing a few weeks back. Today, we can finally share what we found. Tue, 12 May 2026 12:00:00 GMT Albert Ziegler Offensive Security Academy 10 Red Flags to Investigate When Evaluating AI Pentesting Vendors https://website-xbow.vercel.app//blog/ai-pentest-vendors-red-flags https://website-xbow.vercel.app//blog/ai-pentest-vendors-red-flags AI pentesting helps security teams scale testing and improve efficiency, but many vendors overstate AI capabilities and results. To simplify evaluation, watch for key red flags and challenge questionable claims early in the process. Fri, 08 May 2026 12:00:00 GMT XBOW Team Offensive Security Academy What Is Insecure Direct Object Reference (IDOR), and How Do You Test for It? https://website-xbow.vercel.app//blog/insecure-direct-object-reference-idor https://website-xbow.vercel.app//blog/insecure-direct-object-reference-idor IDORs are difficult because they live in the gap between what an application accepts and what it should allow. Finding them consistently requires persistence, context, and the ability to reason through business logic. Wed, 06 May 2026 12:00:00 GMT XBOW Team Offensive Security Academy How to Evaluate an AI Pentesting Vendor: A Decision Framework for Security Leaders https://website-xbow.vercel.app//blog/ai-pentesting-evaluation-guide https://website-xbow.vercel.app//blog/ai-pentesting-evaluation-guide AI pentesting helps scale offensive security by automating discovery, exploitation, and validation, with solutions ranging from assisted tools to fully autonomous agents. Mon, 27 Apr 2026 12:00:00 GMT XBOW Team Offensive Security Academy GPT-5.5: Democratizing Cyber Capabilities https://website-xbow.vercel.app//blog/democratizing-cyber-capabilities https://website-xbow.vercel.app//blog/democratizing-cyber-capabilities Today, OpenAI released GPT 5.5, its answer to Anthropic’s Mythos. The two companies took very different paths. This is the same old security question: who gets access to powerful tools and research? Thu, 23 Apr 2026 18:00:00 GMT Oege de Moor Nico Waisman Company News GPT-5.5: Mythos-Like Hacking, Open to All https://website-xbow.vercel.app//blog/mythos-like-hacking-open-to-all https://website-xbow.vercel.app//blog/mythos-like-hacking-open-to-all We had early access over the past few weeks and tested it across our benchmarks and workflows. Here’s how 5.5 performed for our offensive security capabilities. Thu, 23 Apr 2026 18:00:00 GMT Albert Ziegler Steve Buckley AI Research Smaller Bites, Bigger Meals: What We Learned Running Opus 4.7 in Offensive Workflows https://website-xbow.vercel.app//blog/anthropic-opus4-7-first-look https://website-xbow.vercel.app//blog/anthropic-opus4-7-first-look We got exclusive early access to Anthropic's latest model Opus 4.7. Here's what's new, what's improved, and why it matters for the future of AI security. Thu, 16 Apr 2026 14:00:25 GMT Albert Ziegler AI Research Offensive Security Needs to Become Continuous https://website-xbow.vercel.app//blog/offensive-security-needs-to-become-continuous https://website-xbow.vercel.app//blog/offensive-security-needs-to-become-continuous Continuous offensive security will become a shared layer that connects how software is built with how it’s secured. Thu, 09 Apr 2026 12:00:00 GMT Christopher Ford Product AI for Pentesting: Strengths, Weaknesses, and Where XBOW Fills the Gaps https://website-xbow.vercel.app//blog/ai-pentesting-strengths-weaknesses-xbow-fills-gaps https://website-xbow.vercel.app//blog/ai-pentesting-strengths-weaknesses-xbow-fills-gaps AI is transforming pentesting, but models alone fall short. Learn where AI excels, where it needs structure, and how validation and orchestration make it reliable. Wed, 08 Apr 2026 12:00:00 GMT Albert Ziegler AI Research AI-Assisted Attack Path Analysis and Exploitation Planning https://website-xbow.vercel.app//blog/ai-exploitation-attack-path-analysis https://website-xbow.vercel.app//blog/ai-exploitation-attack-path-analysis AI-driven pentesting analyzes attack paths and plans exploits, connecting vulnerabilities into real attack chains and validating them to identify truly exploitable risk. Tue, 07 Apr 2026 12:00:00 GMT XBOW Team Offensive Security Academy Machine Learning for Vulnerability Discovery https://website-xbow.vercel.app//blog/machine-learning-for-vulnerability-discovery https://website-xbow.vercel.app//blog/machine-learning-for-vulnerability-discovery Machine learning accelerates vulnerability discovery but lacks runtime context, making AI-driven validation essential to reduce false positives and confirm real exploitability. Fri, 03 Apr 2026 12:00:00 GMT XBOW Team Offensive Security Academy Three Critical RCE Vulnerabilities in Microsoft Software Identified Autonomously by XBOW https://website-xbow.vercel.app//blog/three-rce-vulnerabilities-in-microsoft-identified-xbow https://website-xbow.vercel.app//blog/three-rce-vulnerabilities-in-microsoft-identified-xbow For the first time, autonomous AI uncovered critical RCE vulnerabilities in Microsoft Cloud, demonstrating how AI-driven pentesting is accelerating real-world exploit discovery. Thu, 02 Apr 2026 04:00:00 GMT Nico Waisman Security Research