Hacktron AI @HacktronAI
Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO hacktron.ai Latent Space Joined April 2025-
Tweets130
-
Followers4K
-
Following10
-
Likes154
So @Doyensec recently published a report comparing @Xbow and @AikidoSecurity, two AI pentest platforms. I figured, why not run @HacktronAI on the same test? So I ran a pentest on one of the target. Hacktron cost $350, while XBOW and Aikido cost $4,000 each. We did pretty well!
The outcome: a faster, more cost-effective security assessment that does not compromise on quality. This is not just checkbox compliance. Hacktron Whitebox helps teams generate evidence for SOC 2 and ISO 27001, while giving engineers valuable, actionable findings they can fix.
Introducing Hacktron Whitebox: get white-box security assessments with audit-ready reports without waiting on a traditional pentest cycle. AI has roughly tripled the rate of code shipped in the past year. But penetration testing has not kept pace, often taking weeks to months.
Nice overview of the vulnerability discovery landscape! Very proud of the work we've done at @HacktronAI, as well as that of our peers at Anthropic and AISLE. AI has sped up vulnerability discovery, but coverage and signal remain to be important metrics we optimize for.
Agents are finding more vulnerabilities than ever. But it turns out there are gaps in existing vulnerability discovery. Over the past 90 days vs. a year ago, web vulnerabilities (XSS/SQLi/CSRF) are down 66% and memory safety exploitability is down 3.5x. We built the Agentic
Who's finding what? @AnthropicAI owns critical count. @HacktronAI leads on severity + exploitability. AISLE covers the most CWE types. There’s no clear overall winner.
Hacktron Review plugs into your pull requests and catches exploitable vulnerabilities other scanners walk straight past. Find real security issues within 24 hours of onboarding. Try it free → hacktron.ai
When Your VPN Opens Your Private Network to the Public! An auth bypass in Palo Alto PAN-OS CAS Auth (CVE-2026-0265) that lets an attacker connect to the company's GlobalProtect VPN. Blog - hacktron.ai/blog/cve-2026-…
what can go wrong?
This is a critical auth bypass (affecting GlobalProtect VPN), not sure why this was marked as high. I have already managed to get VPN access to major corps! Unlike the buffer overflow this isn't limited to PAN OS. Will be disclosing full details later next week on @HacktronAI
Check out our security work on Next.js. We’re also offering free security scans for open source projects. Apply here: hacktron.ai/blog/hacktron-…
Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI CVE-2026-44578: SSRF via WebSocket upgrade. It is the most impactful of all, it lets an attacker read internal hosts such as cloud metadata endpoints on self-hosted next.js applications.
I've seen enough fundraising announcement videos. This isn’t one of them. At @HacktronAI, we do security, and we do it well. That’s what matters to us. We solve real problems for our customers. On average, they uncover real vulnerabilities missed by other tools within 24 hours of onboarding. Just this year, we've already responsibly disclosed vulnerabilities in Vercel's Next.js, Grafana, Jetbrain's YouTrack, OpenAM, Metabase, and BeyondTrust's Remote Support Software. No unearned, bullshit hype. Just security that works.
RCE in Github VSCode Copilot Chat hacktron.ai/blog/rce-in-vs…
Hacktron ❤️ Open Source TL;DR: If you maintain an open source project, we want to give you Hacktron Review for free. Because giving maintainers the same capabilities as attackers would otherwise use against them felt like the right thing to do. hacktron.ai/blog/hacktron-…
Next.js v16.2.5 fixes a bunch of vulnerabilities reported by @HacktronAI. Patch ASAP, especially if you’re running self-hosted Next.js that SSRF might affect you CVE-2026-44574: Middleware / Proxy bypass via dynamic route parameter injection CVE-2026-44578: SSRF in applications using WebSocket upgrades CVE-2026-44581: XSS in App Router applications using CSP nonces
when react2shell hit last year, i think vercel handled it brilliantly. to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000. read how we did it here: hacktron.ai/blog/react2she…
TL;DR: If a large model finds a 0day with 90% probability, and a small model with 50% probability, but the small model costs 10x less, it is better to use the small model.
Mythos showed that frontier models can find complex vulnerabilities with a skilled operator in the loop. But for applications that don't have the complexity of a JIT compiler, we found that smaller models run repeatedly can outperform larger frontier models on cost-to-recall. hacktron.ai/blog/why-mytho…
I am a bit late to the "Mythos" clickbait. But here we go: Why Mythos doesn't matter (for us) hacktron.ai/blog/why-mytho…
Abdul Moiz Siddiqui @MoizSid09
152 Followers 323 Following Doing CS Bachelors Degree In progress. Bug hunter @ https://t.co/WhGpNjAjYU
Harsh Kumar @harsh_5ingh
12 Followers 60 Following Btech CSE (Cybersecurity) Learning DSA, Web Development & Security Building Secure Doc AI React • TypeScript • Node.js • PostgreSQL Open to internships
Matej Fajdiga @ImMatej8
26 Followers 1K Following
booting @AlhafzMry
11 Followers 576 Following
Muhammed Emir ARSLAN @MrM3ARS
157 Followers 199 Following 💻 Offensive Cyber Security Specialist | Synack Red Team Member | Vuln Researcher | a.k.a MrM3ARS
muzlugofretcentro @mousselugofret
1 Followers 143 Following
larsling @larsling
6K Followers 6K Following CleanTech Impact Entrepreneur - Financing & Advising CleanTech Companies │ Speaker │ Facilitator | Strategic PR | #cleantech #speaker #investor
NotNeeded @_NotNeeded17_
0 Followers 82 Following
lixes @lixesd
2 Followers 33 Following
who1am @nowindows9
5 Followers 209 Following
Akash Kundu @kunduakash1
39 Followers 503 Following Akash kundu a self made ethical hacker ,cyber expert and an entrepreneur , youngest law enforcement trainer. Visiting Faculty to CBI , CRPF ,Indian police .
Sophie @Sophie196959144
1 Followers 52 Following
HackyD0g @HackyD0g
25 Followers 529 Following
Nam Nguyễn Huy @huynambka
7 Followers 198 Following
exec @ContextVector
344 Followers 6K Following not main. mostly ai recon but has an eye for true art or mind bending stuff. science and acceleration.
Humberto DLR-1 @1_dlr7
1 Followers 49 Following
Oldboy @oldboy_sonnt
45 Followers 1K Following A boy with old face. Women hate that. I'm Jisoo I'm OK
B4ft @_B4ft
5 Followers 236 Following
rtbeaDGFSA1 @zhh89452041
3 Followers 220 Following
Joel Eriksson @OwariDa
8K Followers 4K Following Offensive security researcher and entrepreneur -Kernels, browsers and all that jazz- Also: - AI/ML/DL - AR/VR/XR - CTFs (pwn/re/crypto) + Cicada 3301, Boxen etc
Edison He @0xedison
84 Followers 1K Following ╪ͥ͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋͋ 一个命运多舛的人
emtuls @emtuls
306 Followers 414 Following Malware Reverse Engineer @ FLARE | Vulnerability Researcher | Tool Developer
ArneFeys @arne_feys80308
14 Followers 24 Following
Mustafa Tariq @tariqonal
199 Followers 3K Following #SOC, #SOAPA, #ThreatIntel, #IR, #ThreatHunting, #SIEM, #OpenSource, #ThreatMonitoring, #CyberSecurity, #Gartner, #Deeplearning
Aryaman Behera @aryamanTitan
2K Followers 1K Following CEO @RepelloHQ, backed by General Catalyst | AI Red Teaming | IIT Roorkee alum
Angelo Violetti @angelo_violetti
174 Followers 845 Following
Pavel Shabarkin @shabarkin
889 Followers 1K Following Zero-Day AI and Blockchain Security Researcher. ex @Quantstamp, @ZircuitL2
ABA @abarbatei
2K Followers 3K Following Founder & Principal Security Researcher @cybasecurity | EVM & @Stacks | Secured $1B+ TVL | 1000+ findings across 50+ audits
tilver @tilver
408 Followers 2K Following I like to break things in creative ways, preferably adding functionality in the process that the original creator never imagined.
Pablo Sabbatella @PabloSabbatella
83K Followers 4K Following Web3 Operational Security researcher 🥷 @opsek_io founder 🕵 @_SEAL_Org member 🦭 @SecuritySeries host 🎙️ We train and audit teams so they don't get hacked 🥷
Jurre van Bergen @DrWhax
5K Followers 2K Following I research surveillance and spyware systems. Secure contact: https://t.co/dR3wVwG083 - find me on other platforms.
OFWAIH @5869wr
22 Followers 68 Following
Rodrigo Nasif @RodrigoNasif
224 Followers 5K Following I am a full-stack creative developer with a passion for cutting edge tech living in Argentina.
Bexly @1Bexly
117 Followers 1K Following Builder, Designer | Data & AI maxi, E/ACC | Data cures my ADHD. Sharing my thoughts and generating ideas from the ether. 🐇
Crane @crane_vc
3K Followers 169 Following First to believe. Last to leave. Global seed investors in AI and Deep Tech.
Dan @pizzaboy
14K Followers 2K Following Your competitor's favourite designer | veteran | https://t.co/I94JDRXYDs | https://t.co/0YM3daUK3t
Project Europe @ProjectEurope_
5K Followers 26 Following Investing in the next generation of technical builders with global ambitions, backed by 150+ of the best European founders.
LiveOverflow 🔴 @LiveOverflow
160K Followers 1K Following wannabe hacker... he/him 🌱 grow your hacking skills @hextreeio
zayne (zeyu) zhang @zeyu1337
3K Followers 2K Following 🇸🇬 | co-founder @hacktronai | @projecteurope_ 🇪🇺 | cs @cambridge_uni 🇬🇧 | prev: @cure53berlin @tiktok_us, ogp | ctfs @water_paddler (def con 31-32🥈)
Harsh Jaiswal @rootxharsh
22K Followers 1K Following Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio
s1r1us (mohan) @S1r1u5_
14K Followers 2K Following aham nityaṃ śiṣyaḥ, jagat mama guruḥ. {~hacker~} {founder @ElectrovoltSec, @HacktronAI}You might like
