Bringing AI to offensive security by autonomously finding and exploiting web vulnerabilities. https://t.co/D5Mco1tAKe xbow.com Seattle, Washington, USA. Joined May 2007
"Right now, what we're seeing is like returning to the early 2000s," says @fede_k, head of security labs at XBOW. "Yes, we have security findings, but now the problem is triaging. Now the problem is routing. Now the problem is: is this real or not?"
Hear more in the clip below ⬇️
Tune into the full episode here: bit.ly/4nUd2hW
“AI is changing the story of design flaw identification,” says XBOW security researcher @pwntester in the clip below.
Get more of his thoughts on business logic flaws and how to address them in his new blog: bit.ly/4fKEpsP
Security outcomes improve when great technology is paired with trusted expertise.
It was great spending time with the @GuidePointSec team and customers at the GuidePoint Security Golf Classic at Terry Hills yesterday.
As organizations face a growing volume of vulnerabilities and increasingly complex attack surfaces, partnerships matter. Together, we're helping organizations move beyond finding vulnerabilities to continuously validating real, exploitable risk.
“Is my application security program built for a world where everyone is a coder?”
That’s one of the questions our CISO @nicowaisman says CISOs should ask themselves to ensure their security programs adapt to the cybersecurity landscape as quickly as it evolves.
Mary Pratt covers his insights in @CSOonline: bit.ly/4um5upQ
How does AI pentesting work?
What should you look for?
Get some guidance in our blog post "How to Evaluate an AI Pentesting Vendor: A Decision Framework for Security Leaders." bit.ly/4edHyPM
The volume of vulnerabilities is growing. The number of security engineers isn't.
Join XBOW at @owasp Global AppSec EU 2026 in Vienna, June 25-26, to see how autonomous offensive security is helping AppSec teams continuously identify and validate real, exploitable risk.
Stop by to meet the XBOW team and see what offensive security looks like at machine speed.
See you in Vienna: bit.ly/4uey3FF
• Why can't traditional pentests keep up with modern attack surfaces?
• What stops an autonomous pentesting agent from causing real damage in production?
• How do you audit what the AI actually did during an assessment?
XBOW CISO @nicowaisman answers these questions, and more, from fellow CISOs in the latest episode of the Security You Should Know podcast, "Automating Offensive Security With XBOW."
Listen to the full episode: bit.ly/4eiMXWM @CISOseries @dspark
“If you have exploit proofs, you can provide that plus-one modifier and really point your developers to remediate the top tier of real risk that’s been validated,” says @moderna_tx Deputy CISO Farzan Karimi about partnering with XBOW in a new CyberScoop article.
@gregotto's @CyberScoopNews piece highlights the reality security teams are quickly confronting as the frontier models start identifying a flood of new vulnerabilities.
“Across recent conversations and presentations, industry experts said the tools are getting sharper, the attack surface is getting larger, and the gap between finding a problem and fixing it is not closing fast enough,” Otto says.
Read full article: bit.ly/4va5Pxr
One theme came up repeatedly at InfoSecurity Europe:
➡️ Security teams want proof, not possibility.
Great discussions all week with leaders thinking about autonomous offensive security and operational validation at scale.
Thanks to everyone who connected with our team by visiting our booth, joining our workshop, and tuning into our session. It was a great week!
Security teams are still organized around reporting cycles, but today’s AI threats require continuous, autonomous offensive security.
On June 10, XBOW CISO @nicowaisman will join @moderna_tx Deputy CISO Farzan Karimi to discuss what changes when offensive security becomes autonomous, continuous, and exploit-validated.
They’ll cover:
➡️ Why periodic testing no longer reflects real exposure
➡️ How leaders should think about validation at machine speed
➡️ What continuous offensive testing changes operationally
Join us: bit.ly/42zUvxV
"When I heard of XBOW for the first time, I thought: is pentesting dead?" says @fede_k, head of security labs at XBOW, in a recent Security Conversations episode. "Actually, I think more companies than ever will be able to conduct pentesting. Who can afford pentesting today? Only the top 10% of the biggest companies in the world. But if we can scale that, more people will be interested in understanding how they can get breached."
Watch the full episode here: bit.ly/4nUd2hW
GPT-5.5 is now part of XBOW.
In our testing, GPT-5.5 delivered significant improvements in vulnerability discovery, exploit reasoning, application interaction, and autonomous testing workflows.
But models alone don’t create autonomous security.
GPT-5.5 supplies the intelligence. XBOW operationalizes it into autonomous application security.
Read more: bit.ly/4ufvhAb
Are you ready for day 2 of #Infosec2026? 🏹
Find us at booth F-135, and let’s connect about autonomous offensive security, why it’s critical for modern cybersecurity strategies, and how XBOW can work for your team.
XBOW is harnessing the power of AI to transform offensive security. Curious how autonomous offensive security is changing the game?
It’s day two of the Gartner Security & Risk Management Summit, and we’re ready to talk all things autonomous offensive security. Find us at booth 1028!
Huge thank you to everyone who tuned in to Farzan Karimi and Troy West of Moderna's session on day one to learn how they're building an autonomous offensive security program with XBOW—it was a full house!
#GartnerSEC
Today at #Infosec2026, attendees will get a chance to put offensive security to the test during our hands-on workshop: Offensive AI in Practice.
Ready to see firsthand how AI is amplifying attackers’ capabilities and how offensive security tools find, exploit, validate, and remediate them?
Register here: bit.ly/4d9cd19
📍 June 2nd, 2pm BST
South Gallery Room 18 @ ExCeL London
Our team is at #Infosec2026 today through Thursday!
Stop by booth F-135 to say hi to the team 👋 and learn how your organization can scale offensive security with XBOW. 🏹 bit.ly/3P1Vkwj
If you’re at Gartner Security & Risk Management Summit today, find the XBOW team at booth 1028 📍 to learn about autonomous offensive security and how it’s enabling teams to defend against complex and evolving cyberthreats faster, better, and at scale: gtnr.it/2Mf36ll #GartnerSEC
Attending Gartner Security & Risk Management Summit? Tune in as Moderna’s Farzan Karimi, Deputy CISO, and Troy West, Associate Director, Cybersecurity, take the stage to highlight how they’re leveraging XBOW to adapt to, meet the demands of, and succeed in today’s AI-driven cybersecurity landscape.
🔔 TODAY at 02:05 PM EDT: gtnr.it/4nQofA6 #GartnerSEC
Mythos Preview highlights how AI models are getting faster and more effective at identifying vulnerabilities.
But cybersecurity doesn’t stop at detection. The real challenge is turning findings into fixes.
@CyberScoopNews covers the early results on Mythos Preview, including XBOW’s evaluation: bit.ly/4e4JqeC
The biggest risk in pentesting is often the time between tests.
On June 16 at 11AM EDT, XBOW Lead Solutions Architect Bill Reyor will break down why security leaders are moving beyond periodic assessments toward continuous offensive security testing, and how to evaluate AI pentesting platforms.
If your exposure changes daily, your testing strategy should too.
Register now: bit.ly/42Nm472