XBOW
@xbow.com
Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. Watch XBOW hack things: https://xbow.com/traces
🗓️ Still haven’t registered for this week’s webinar? There’s time!
Join our experts for a trace-level walkthrough of how real IDORs are discovered using creative reasoning, going beyond traditional scanners to find vulnerabilities that others miss.
Register: xbow.com/webinar-trac...
Join our experts for a trace-level walkthrough of how real IDORs are discovered using creative reasoning, going beyond traditional scanners to find vulnerabilities that others miss.
Register: xbow.com/webinar-trac...
February 11, 2026 at 5:53 PM
🗓️ Still haven’t registered for this week’s webinar? There’s time!
Join our experts for a trace-level walkthrough of how real IDORs are discovered using creative reasoning, going beyond traditional scanners to find vulnerabilities that others miss.
Register: xbow.com/webinar-trac...
Join our experts for a trace-level walkthrough of how real IDORs are discovered using creative reasoning, going beyond traditional scanners to find vulnerabilities that others miss.
Register: xbow.com/webinar-trac...
We’re going to #RSAC 📍
Attending? Here’s how to connect with us:
👋 Meet our team at Booth #1843
💬 Chat 1:1 with our experts
▶️ Catch live demos
🗓 Pick the brains of our founders and executive team about the future of offensive security in the AI-threat landscape
🔗 https://bit.ly/4qWj9Db
Attending? Here’s how to connect with us:
👋 Meet our team at Booth #1843
💬 Chat 1:1 with our experts
▶️ Catch live demos
🗓 Pick the brains of our founders and executive team about the future of offensive security in the AI-threat landscape
🔗 https://bit.ly/4qWj9Db
February 10, 2026 at 2:00 PM
We’re going to #RSAC 📍
Attending? Here’s how to connect with us:
👋 Meet our team at Booth #1843
💬 Chat 1:1 with our experts
▶️ Catch live demos
🗓 Pick the brains of our founders and executive team about the future of offensive security in the AI-threat landscape
🔗 https://bit.ly/4qWj9Db
Attending? Here’s how to connect with us:
👋 Meet our team at Booth #1843
💬 Chat 1:1 with our experts
▶️ Catch live demos
🗓 Pick the brains of our founders and executive team about the future of offensive security in the AI-threat landscape
🔗 https://bit.ly/4qWj9Db
Real attackers. Real results.
In just a few clicks, see how your apps stand up to real-world attackers and get a clear path forward.
Learn if your team qualifies for a free Lightspeed pre-flight: https://xbow.com/pentest-lightspeed
#AppSec #OffensiveSecurity #Cybersecurity
In just a few clicks, see how your apps stand up to real-world attackers and get a clear path forward.
Learn if your team qualifies for a free Lightspeed pre-flight: https://xbow.com/pentest-lightspeed
#AppSec #OffensiveSecurity #Cybersecurity
February 9, 2026 at 9:53 PM
Real attackers. Real results.
In just a few clicks, see how your apps stand up to real-world attackers and get a clear path forward.
Learn if your team qualifies for a free Lightspeed pre-flight: https://xbow.com/pentest-lightspeed
#AppSec #OffensiveSecurity #Cybersecurity
In just a few clicks, see how your apps stand up to real-world attackers and get a clear path forward.
Learn if your team qualifies for a free Lightspeed pre-flight: https://xbow.com/pentest-lightspeed
#AppSec #OffensiveSecurity #Cybersecurity
📣 XBOW is now available on AWS Marketplace!
AWS customers can now purchase XBOW through their existing workflows & use committed spend, while getting pentest results in hours, backed by real exploit validation.
Read about the partnership & a limited-time 50% for XBOW Lightspeed: bit.ly/4qnVrPk
AWS customers can now purchase XBOW through their existing workflows & use committed spend, while getting pentest results in hours, backed by real exploit validation.
Read about the partnership & a limited-time 50% for XBOW Lightspeed: bit.ly/4qnVrPk
February 5, 2026 at 7:00 PM
📣 XBOW is now available on AWS Marketplace!
AWS customers can now purchase XBOW through their existing workflows & use committed spend, while getting pentest results in hours, backed by real exploit validation.
Read about the partnership & a limited-time 50% for XBOW Lightspeed: bit.ly/4qnVrPk
AWS customers can now purchase XBOW through their existing workflows & use committed spend, while getting pentest results in hours, backed by real exploit validation.
Read about the partnership & a limited-time 50% for XBOW Lightspeed: bit.ly/4qnVrPk
Come see XBOW in action 🔍
Learn how IDORs are discovered and exploited in practice.
Leave with insight into:
• Why scanners fail at IDORs
• How agentic reasoning over objects, roles, and auth states finds and stops them
Register: https://bit.ly/3ZNIQdg
Learn how IDORs are discovered and exploited in practice.
Leave with insight into:
• Why scanners fail at IDORs
• How agentic reasoning over objects, roles, and auth states finds and stops them
Register: https://bit.ly/3ZNIQdg
February 5, 2026 at 3:24 PM
Come see XBOW in action 🔍
Learn how IDORs are discovered and exploited in practice.
Leave with insight into:
• Why scanners fail at IDORs
• How agentic reasoning over objects, roles, and auth states finds and stops them
Register: https://bit.ly/3ZNIQdg
Learn how IDORs are discovered and exploited in practice.
Leave with insight into:
• Why scanners fail at IDORs
• How agentic reasoning over objects, roles, and auth states finds and stops them
Register: https://bit.ly/3ZNIQdg
Aim for what matters every time. 🎯
Hear from our partner Rhymetec about how they conduct AI-powered pentesting in real-world deployments.
Here’s what autonomous offensive security in action looks like: https://bit.ly/4q95DLc
Hear from our partner Rhymetec about how they conduct AI-powered pentesting in real-world deployments.
Here’s what autonomous offensive security in action looks like: https://bit.ly/4q95DLc
February 4, 2026 at 6:56 PM
Aim for what matters every time. 🎯
Hear from our partner Rhymetec about how they conduct AI-powered pentesting in real-world deployments.
Here’s what autonomous offensive security in action looks like: https://bit.ly/4q95DLc
Hear from our partner Rhymetec about how they conduct AI-powered pentesting in real-world deployments.
Here’s what autonomous offensive security in action looks like: https://bit.ly/4q95DLc
Most IDORs aren’t “guess the next number.” They hide in real authorization logic.
In our latest Tales from the Trace, XBOW uncovered two zero-day IDORs by reasoning through the app like a pentester, even after 403s and 502s.
Check it out: https://bit.ly/4kmlmpg
In our latest Tales from the Trace, XBOW uncovered two zero-day IDORs by reasoning through the app like a pentester, even after 403s and 502s.
Check it out: https://bit.ly/4kmlmpg
February 4, 2026 at 1:09 PM
Most IDORs aren’t “guess the next number.” They hide in real authorization logic.
In our latest Tales from the Trace, XBOW uncovered two zero-day IDORs by reasoning through the app like a pentester, even after 403s and 502s.
Check it out: https://bit.ly/4kmlmpg
In our latest Tales from the Trace, XBOW uncovered two zero-day IDORs by reasoning through the app like a pentester, even after 403s and 502s.
Check it out: https://bit.ly/4kmlmpg
Traditional DAST ≠ dev-friendly.
That's why we go beyond traditional DAST, delivering AI-generated vulnerability reports that provide real exploit paths, app behavior, and code context, so teams can fix faster.
Read more in Tales from the Trace 👉 https://bit.ly/4rr5Jz1
That's why we go beyond traditional DAST, delivering AI-generated vulnerability reports that provide real exploit paths, app behavior, and code context, so teams can fix faster.
Read more in Tales from the Trace 👉 https://bit.ly/4rr5Jz1
February 3, 2026 at 6:53 PM
Traditional DAST ≠ dev-friendly.
That's why we go beyond traditional DAST, delivering AI-generated vulnerability reports that provide real exploit paths, app behavior, and code context, so teams can fix faster.
Read more in Tales from the Trace 👉 https://bit.ly/4rr5Jz1
That's why we go beyond traditional DAST, delivering AI-generated vulnerability reports that provide real exploit paths, app behavior, and code context, so teams can fix faster.
Read more in Tales from the Trace 👉 https://bit.ly/4rr5Jz1
The AI arms race doesn’t mean defenders lose.
Our CEO, Oege de Moor, joined @economist.com’s new "Boss Class" podcast to discuss how AI is accelerating real-world pentesting and ultimately giving the good guys better tools.
Link in replies 🔗
Our CEO, Oege de Moor, joined @economist.com’s new "Boss Class" podcast to discuss how AI is accelerating real-world pentesting and ultimately giving the good guys better tools.
Link in replies 🔗
February 3, 2026 at 4:02 PM
The AI arms race doesn’t mean defenders lose.
Our CEO, Oege de Moor, joined @economist.com’s new "Boss Class" podcast to discuss how AI is accelerating real-world pentesting and ultimately giving the good guys better tools.
Link in replies 🔗
Our CEO, Oege de Moor, joined @economist.com’s new "Boss Class" podcast to discuss how AI is accelerating real-world pentesting and ultimately giving the good guys better tools.
Link in replies 🔗
Introducing the XBOW Public API
Run expert-level pentests at machine speed, now at infrastructure scale.
Embed autonomous pentesting directly into your workflows: launch assessments, pull findings, stream results via webhooks, and more.
Read the announcement: https://bit.ly/45Kkq7V
Run expert-level pentests at machine speed, now at infrastructure scale.
Embed autonomous pentesting directly into your workflows: launch assessments, pull findings, stream results via webhooks, and more.
Read the announcement: https://bit.ly/45Kkq7V
February 2, 2026 at 4:01 PM
Introducing the XBOW Public API
Run expert-level pentests at machine speed, now at infrastructure scale.
Embed autonomous pentesting directly into your workflows: launch assessments, pull findings, stream results via webhooks, and more.
Read the announcement: https://bit.ly/45Kkq7V
Run expert-level pentests at machine speed, now at infrastructure scale.
Embed autonomous pentesting directly into your workflows: launch assessments, pull findings, stream results via webhooks, and more.
Read the announcement: https://bit.ly/45Kkq7V
Can XBOW hack your app?
Find out how your app holds up against real-world attackers.
👉 See for yourself: https://bit.ly/49WNjPy
Find out how your app holds up against real-world attackers.
👉 See for yourself: https://bit.ly/49WNjPy
January 29, 2026 at 6:59 PM
Can XBOW hack your app?
Find out how your app holds up against real-world attackers.
👉 See for yourself: https://bit.ly/49WNjPy
Find out how your app holds up against real-world attackers.
👉 See for yourself: https://bit.ly/49WNjPy
New look. Same mission. 🏹
Our visual identity is evolving, but our focus hasn’t changed: redefining how organizations think about offensive security by transforming application security with AI-powered, continuous offense.
Explore what’s new: https://bit.ly/3ZDQVkx
Our visual identity is evolving, but our focus hasn’t changed: redefining how organizations think about offensive security by transforming application security with AI-powered, continuous offense.
Explore what’s new: https://bit.ly/3ZDQVkx
January 26, 2026 at 5:53 PM
New look. Same mission. 🏹
Our visual identity is evolving, but our focus hasn’t changed: redefining how organizations think about offensive security by transforming application security with AI-powered, continuous offense.
Explore what’s new: https://bit.ly/3ZDQVkx
Our visual identity is evolving, but our focus hasn’t changed: redefining how organizations think about offensive security by transforming application security with AI-powered, continuous offense.
Explore what’s new: https://bit.ly/3ZDQVkx
We’re thrilled to welcome WonLae Lee, a respected offensive security leader with decades of experience, as General Manager of South Korea. His leadership will play a key role as XBOW continues to grow across the Asia-Pacific region! https://bit.ly/49yjRR4
January 22, 2026 at 3:58 PM
We’re thrilled to welcome WonLae Lee, a respected offensive security leader with decades of experience, as General Manager of South Korea. His leadership will play a key role as XBOW continues to grow across the Asia-Pacific region! https://bit.ly/49yjRR4
Where security goes on offense.
Trained by top hackers, proven in the wild. Ranked #1 on HackerOne worldwide leaderboard.
Explore it during our limited 10-day promotion. xbow.com/pentest
Trained by top hackers, proven in the wild. Ranked #1 on HackerOne worldwide leaderboard.
Explore it during our limited 10-day promotion. xbow.com/pentest
December 16, 2025 at 5:48 PM
Where security goes on offense.
Trained by top hackers, proven in the wild. Ranked #1 on HackerOne worldwide leaderboard.
Explore it during our limited 10-day promotion. xbow.com/pentest
Trained by top hackers, proven in the wild. Ranked #1 on HackerOne worldwide leaderboard.
Explore it during our limited 10-day promotion. xbow.com/pentest
Seznam needed answers fast.
XBOW delivered. ⚡
Real pentest results. No drag. No drama.
For a limited time, we’re offering the same fast-track pentest experience and we will guarantee an exploit-validated security finding or you don’t pay.
⏰ Offer ends 12/26.
👉 xbow.com/pentest
XBOW delivered. ⚡
Real pentest results. No drag. No drama.
For a limited time, we’re offering the same fast-track pentest experience and we will guarantee an exploit-validated security finding or you don’t pay.
⏰ Offer ends 12/26.
👉 xbow.com/pentest
December 15, 2025 at 4:55 PM
Seznam needed answers fast.
XBOW delivered. ⚡
Real pentest results. No drag. No drama.
For a limited time, we’re offering the same fast-track pentest experience and we will guarantee an exploit-validated security finding or you don’t pay.
⏰ Offer ends 12/26.
👉 xbow.com/pentest
XBOW delivered. ⚡
Real pentest results. No drag. No drama.
For a limited time, we’re offering the same fast-track pentest experience and we will guarantee an exploit-validated security finding or you don’t pay.
⏰ Offer ends 12/26.
👉 xbow.com/pentest
Pentests that take weeks cannot secure software that changes daily.
🚀 XBOW Lightspeed provides expert-level testing in hours with autonomous offensive security.
📍 See it live at Booth 215 today!
🚀 XBOW Lightspeed provides expert-level testing in hours with autonomous offensive security.
📍 See it live at Booth 215 today!
December 10, 2025 at 9:25 AM
Pentests that take weeks cannot secure software that changes daily.
🚀 XBOW Lightspeed provides expert-level testing in hours with autonomous offensive security.
📍 See it live at Booth 215 today!
🚀 XBOW Lightspeed provides expert-level testing in hours with autonomous offensive security.
📍 See it live at Booth 215 today!
Black Hat Europe starts today!
📍 Booth 215 all week. Autonomous multi-agent offense. Human-level testing in hours. Full exploit validation.
Come see it live.
📍 Booth 215 all week. Autonomous multi-agent offense. Human-level testing in hours. Full exploit validation.
Come see it live.
December 8, 2025 at 11:56 AM
Black Hat Europe starts today!
📍 Booth 215 all week. Autonomous multi-agent offense. Human-level testing in hours. Full exploit validation.
Come see it live.
📍 Booth 215 all week. Autonomous multi-agent offense. Human-level testing in hours. Full exploit validation.
Come see it live.
Pentests that take weeks can’t secure software that changes daily.
XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.
xbow.com/pentest
XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.
xbow.com/pentest
December 3, 2025 at 7:56 PM
Pentests that take weeks can’t secure software that changes daily.
XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.
xbow.com/pentest
XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.
xbow.com/pentest
3/ The results speak for themselves:
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
August 15, 2025 at 9:32 PM
3/ The results speak for themselves:
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
- 30% fewer iterations to exploit targets
- nearly 2x more vulnerabilities found in real world targets
- improved consistency across different attack scenarios
XBOW's agents are now faster, more consistent, and more effective.
2/ OpenAI's own benchmarks were conservative, showing GPT-5 performing comparably to older models in CTF challenges and unable to solve cyber range scenarios unaided.
See Figure 14 from the OpenAI System Card:
See Figure 14 from the OpenAI System Card:
August 15, 2025 at 9:32 PM
2/ OpenAI's own benchmarks were conservative, showing GPT-5 performing comparably to older models in CTF challenges and unable to solve cyber range scenarios unaided.
See Figure 14 from the OpenAI System Card:
See Figure 14 from the OpenAI System Card:
1/ XBOW Unleashes GPT-5’s Hidden Hacking Power.
OpenAI
's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.
More on what we found: 🧵
OpenAI
's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.
More on what we found: 🧵
August 15, 2025 at 9:31 PM
1/ XBOW Unleashes GPT-5’s Hidden Hacking Power.
OpenAI
's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.
More on what we found: 🧵
OpenAI
's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.
More on what we found: 🧵
See autonomous pentesting live at #BlackHat!
Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulns—fast.
📍 Booth 3257
Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulns—fast.
📍 Booth 3257
August 1, 2025 at 5:00 PM
See autonomous pentesting live at #BlackHat!
Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulns—fast.
📍 Booth 3257
Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulns—fast.
📍 Booth 3257
XBOW is now the #1 hacker on HackerOne, globally.
For the first time, our autonomous AI pentester tops the worldwide leaderboard.
Next week at #BlackHat, we’re taking it live:
We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities.
📍 Booth 3257
For the first time, our autonomous AI pentester tops the worldwide leaderboard.
Next week at #BlackHat, we’re taking it live:
We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities.
📍 Booth 3257
July 31, 2025 at 10:02 PM
XBOW is now the #1 hacker on HackerOne, globally.
For the first time, our autonomous AI pentester tops the worldwide leaderboard.
Next week at #BlackHat, we’re taking it live:
We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities.
📍 Booth 3257
For the first time, our autonomous AI pentester tops the worldwide leaderboard.
Next week at #BlackHat, we’re taking it live:
We’ll run real-time on HackerOne programs—come see XBOW find vulnerabilities.
📍 Booth 3257
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
July 28, 2025 at 3:02 PM
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.
📍Aug 7 | 11:20am
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
June 24, 2025 at 7:55 PM
XBOW automatically runs expert-level attacks across all webapps, giving security teams unprecedented scale.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.
@xbow.com reported 1092 vulnerabilities on HackerOne in just a few months, including RCE, XXE, SQLi, SSRF, exposed secrets, and XSS.