Brendan Dolan-Gavitt
@moyix.net
AI researcher at XBOW. Security, RE, ML. PGP http://keybase.io/moyix/
Reposted by Brendan Dolan-Gavitt
marcelorinesi.bsky.social
"AI Agents for Offsec with Zero False Positives" by @moyix.net

The title threw me off originally, but it's not wrong! IMHO it's the archetypal pattern of good LLM usage: they suck at *verifying* but in some domains are quite freakishly good at *proposing.*
Black Hat
www.blackhat.com
moyix.net
I had an amazing time at NYU and am particularly grateful to have had the opportunity to meet and advise so many incredible students. But right now is a unique moment in the history of computer science and I believe it’s one that, for me, is best pursued outside of academia.
moyix.net
So, I’m not sure there is any good time to announce this, but as of August 31st I will be leaving NYU for good, to seek my fortune in industry with XBOW!
Reposted by Brendan Dolan-Gavitt
xbow.com
XBOW @xbow.com · Jul 28
False positives waste your time.
False negatives cost you breaches.

At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.

📍Aug 7 | 11:20am
moyix.net
I think this is the coolest of the vulns / exploits it came up with on our climb to #1 on HackerOne, but I am open to the possibility that it will find something even cooler tomorrow :)
moyix.net
Such a cool exploit needs commensurately cool bling, so Alvaro (who wrote up the excellent post on this vuln) created this lovely little TUI so you can watch as it exfiltrates files from your server byte by byte
moyix.net
So how do you precisely read a byte? Easy: you ask for the pixel histogram of a raw image consisting of byte [i...i+1] of the file. And you get back something like

histogram: [0, 0, 1, 0, 0], [59.8, 59.9, 60.0, 60.1, 60.2]

Telling you that the byte is ASCII 60 ('<')
moyix.net
The second trick is also quite lovely. It had found that it could read arbitrary files, but how to return the data? The secret was in a /statistics endpoint that, among other things, could provide a histogram of the pixel values.
moyix.net
To decode it, XBOW had to realize that the file contents had been encoded using an encoding that stores pixels as deltas from the previous pixel. So cool!
moyix.net
There are not one, but two different super-cool exfil tricks in this post. The first gets the app to exfiltrate the content of an arbitrary URL by encoding its bytes as raw pixels, giving the image we saw earlier.
moyix.net
Can you read the exfiltrated file encoded in this image? @xbow.com figured out how to :D
A screenshot of OSX preview, showing an image "output.png" with a file encoded as greyscale pixel data. The image is a long, thin strip going from left to right with various greyscale pixels.
moyix.net
Thanks! Should be fixed
moyix.net
This one and the sequel (coming out next week) are among my favorite bugs we found. It turns out GIS does NOT stand for “Good Information Security”
xbow.com
XBOW @xbow.com · Jul 24
From SSRF discovery to RCE exploitation in 32 iterations.

XBOW systematically analyzed TiTiler's expression parser, discovered Python execution through error patterns, then crafted payloads using subclass traversal to achieve command execution.

Complete analysis: bit.ly/46XzOiA
XBOW – Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution
A methodical analysis of TiTiler's API endpoints and its expression parser, leading to arbitrary Python code execution on the server.
bit.ly
moyix.net
Any grad student could tell you that's not true. You can get free lunch by just showing up to the start of the seminar, grabbing a slice of pizza, and getting away while the speaker is trying to get their laptop connected to AV
moyix.net
All credit here to Albert Ziegler, who came up with the idea and wrote a beautifully clear post about it :D I think this blog is also the most info we've released about how our agent actually works!
moyix.net
Given two models with unique strengths, can we combine them to get the benefits of both w/o extra model calls? It turns out yes: just flip a coin at each turn to decide which model to query! This gave a jump from 25% to 55% on our benchmarks! xbow.com/blog/alloy-a...
XBOW – Agents Built From Alloys
A simple, powerful innovation boosts performance in agentic AI systems.
xbow.com
moyix.net
Loved this 0day @xbow.com found in a popular WordPress plugin, and IMO it shows the value added by the LLM - a scanner can't find this automatically without realizing there's a nonce you need to extract & include in the request. You need that extra bit of context: xbow.com/blog/xbow-ni...
XBOW – XBOW battles Ninja Tables: Who’s the Real Ninja?
Sharing the story of how XBOW sniffed out a sneaky arbitrary file read bug in the popular WordPress Ninja Tables plugin.
xbow.com
moyix.net
So... anyone else going to SummerCon today or tomorrow? I should be stopping by both days, for the first time in many years!
moyix.net
Easy:
0: not interesting or true
1: interesting
2: true
3: interesting and true
moyix.net
Yeah! Thinking back to even 18 months ago, it's kind of crazy to me that LLM agents actually kinda work?
moyix.net
A lovely little XXE that XBOW found in Akamai CloudTest leading to arbitrary file read! I like the error-based exfil technique: "yes please access the file named <contents of /etc/passwd> for me thx"
xbow.com
XBOW @xbow.com · Jun 30
Even mature products hide critical flaws – and @xbow.com just found another one.

CVE-2025-49493: XXE in Akamai CloudTest discovered during its climb to #1 on HackerOne.

A complete technical breakdown from an error-based detection to a full exfiltration by Diego Jurado: xbow.com/blog/xbow-ak...
XBOW – CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest
When XBOW met Akamai: a walkthrough of discovering and exploiting an XML External Entity vulnerability (CVE-2025-49493) in a widely-deployed application.
xbow.com
Reposted by Brendan Dolan-Gavitt
moyix.net
This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)
xbow.com
XBOW @xbow.com · Jun 24
Real security is POC || GTFO – and XBOW agrees.

We’re releasing technical deep-dives on cool findings from our journey to the top of the HackerOne US leaderboard.

The first is a zero-day XSS in Palo Alto Networks GlobalProtect by @pwntester.bsky.social.

xbow.com/blog/xbow-gl...
XBOW – Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN
XBOW discovered multiple cross-site scripting (XSS) vulnerabilities in Palo Alto Networks’ GlobalProtect VPN web application
xbow.com
moyix.net
It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...