HackerSec @HackerSec

Our goal of ZEROING the number of false positives in vulnerabilities reported by Yaga is not to replace pentesters, but quite the opposite, to expand our team of pentesters that currently already operate with Yaga, analyzing, validating and improving increasingly deep results in pentests.

In recent days, we have worked intensively on Yaga, the pentest agent from @HackerSec, reducing the false positive rate for vulnerabilities found from 8% to 2.2%. The expectation is to bring it below 1% by August.

HackerSec & e-Safer: Partners in Next-Gen Offensive Cybersecurity hackersec.com/blog/hackersec…

Penetration testing made simple, just the way it should be. hackersec.com/platform

How YAGA bypasses protected environments with Pentest hackersec.com/blog/how-yaga-…

How Yaga Exploits Chained Vulnerabilities hackersec.com/blog/how-yaga-…

@HackerSec's AI, Yaga, recently launched, also uses engines from Anthropic, OpenAI and some other companies. And I can say that offensive cybersecurity is about to revolutionize the software market. Where staying on the defensive will no longer be enough.

Anthropic @AnthropicAI

4 weeks ago

Last month we launched Project Glasswing, our collaborative AI cybersecurity initiative. Since then, we and our partners have found more than ten thousand high- or critical-severity vulnerabilities in essential software.

517 653 9K 2.8M 1K

You know those pentest PDF reports that take weeks to generate and only show up at the end of the project? HackerSec ended that. On the HAS platform, reports are generated in real time, anytime, with one click. Maturity, executive, technical. You pick.

For the new sailors who call themselves vibe coders. Artificial intelligence is making it easier and easier to create through programming, even without technical coding knowledge. This is good, but it can also become very bad. From the moment everyone can “program” new systems, the possibilities for the evolution of technology become infinite, but also dangerous, because people are forgetting that the most important pillar of good systems is secure systems. In other words, attention to cybersecurity has never been as important as it is today, and it will be even more important in the future. Don’t think that adding a prompt at the end before deployment saying: “now make this system 100% secure” will solve anything, because it won’t. That is not how cybersecurity works. Cybersecurity involves defense through firewalls and monitoring systems, but it also involves offense through offensive testing that actually validates whether the system developed can withstand a cyberattack or not. Neglecting this is developing chaos, not technology.

Everyone is talking about Claude Mythos, but they are forgetting something much bigger. The number of companies using AI to develop software and releasing a tsunami of updates every day without validating the cybersecurity of anything. Mythos will not be necessary to compromise systems in the coming years, because there have never been so many vulnerabilities emerging daily, nor so many systems being pushed to production without proper security. The tsunami will not be AI. It will be cybersecurity. If companies don’t start realizing that innovation with AI must move side by side with cybersecurity, many of these new systems and companies will be devastated by major cyberattacks in the coming months. I will go even further… The number of vulnerable systems emerging is so large that not even cybercrime using AI can keep up with exploiting everything.

Do you know what the biggest competitive advantage is in an era where everyone has become a programmer? It is no longer having a beautiful system with a dashboard full of effects. Anyone can do that with a prompt. Do you know what almost everyone is neglecting? Cybersecurity. People are blindly developing nonstop, thinking they will get rich overnight, but they are forgetting that there is no point in building a system fast if it can also be destroyed fast. To have a SaaS, or any other technology, very few actually worry about real cybersecurity. And whoever realizes this now and treats it as a competitive advantage will win far more contracts than their competitors. Do you know why?

Rumors here on X indicate that Claude Mythos could be released to the public in the next few days, but companies are not even prepared for an attack with GPT-3. You don’t need Claude Mythos to compromise 90% of companies around the world. If you run a scan, you can already compromise 99% of companies in Brazil. Claude Mythos is at a military-use level. Because in the traditional market, not even the most critical sectors like healthcare and finance have the cybersecurity maturity to withstand the new attacks with AI.

Introducing HackerSec AI HackerSec's applied research initiative in offensive cybersecurity with AI. Unifies the Yaga agent, the Pentest AI-First methodology, and the HAS platform. 98% accuracy across 600 OWASP scenarios, with human validation. hackersec.ai

Yaga: The Pentest Agent from HackerSec hackersec.com/blog/yaga-the-…

WAF Bypass and Protections: Techniques We Use in Pentests hackersec.com/blog/waf-bypas…

Automated Pentesting vs. AI Pentest hackersec.com/blog/automated…

HackerSec now has a partner program. Resellers, MSSPs, and cybersecurity consultancies can offer AI-First penetration testing to their clients using the HAS platform. Recurring revenue, ready-to-use platform, dedicated support. hackersec.com/partners

AI-First Pentesting. AI tests, humans validate. HackerSec's HAS platform is where you request pentests, track vulnerabilities in real time, fix and validate every remediation through final retest. No endless meetings, no 500-page PDFs. hackersec.com/platform

Pentest AI-First: A New Pentest Methodology hackersec.com/blog/pentest-a…

Purple Team: The Union of Red Team and Blue Team hackersec.com/blog/purple-te… #cybersecurity #hacker #hacking