An AI program called Xbow has become the top-ranked vulnerability researcher in the United States on HackerOne, a platform that coordinates software bug discoveries with major companies. The achievement marks a significant milestone in automated cybersecurity, as Xbow has outperformed human researchers by discovering over 1,000 software flaws across companies including Disney, AT&T, Ford, and Epic Games.
What you should know: Xbow has submitted nearly 1,060 vulnerability reports in recent months, with 132 officially confirmed and resolved by affected companies.
- An additional 303 vulnerabilities were classified as “triaged,” meaning they’ve been acknowledged but not yet fixed, while 125 remain under review.
- The AI operates fully autonomously and can complete “comprehensive penetration tests in just a few hours,” according to its creators.
- All findings were automated, though Xbow’s security team reviews submissions before reporting to comply with HackerOne’s policies on automated tools.
The numbers game: While Xbow’s discovery rate is impressive, not all submissions represent new security issues.
- 208 reports were marked as “duplicates” of previously discovered vulnerabilities.
- Another 209 were flagged as merely “informative” rather than actionable security flaws.
- The remaining 36 submissions were declared not applicable to the target systems.
Why this matters: The results demonstrate how AI could fundamentally reshape cybersecurity through automated vulnerability discovery at unprecedented scale.
- “Notably, around 45% of Xbow’s findings are still awaiting resolution, highlighting the volume and impact of the submissions across live targets,” the Xbow team noted.
- The technology promises to help companies stay ahead of malicious hackers who are also adopting generative AI for attacks.
What critics are saying: Some cybersecurity professionals worry about the quality versus quantity trade-off in AI-generated bug reports.
- “Receiving hundreds of AI-generated bug reports would be so demoralizing and probably turn me off from maintaining an open source project forever,” wrote one user on the Hacker News forum.
- “I think developers are going to eventually need tools to filter out slop.”
The response: Brendan Dolan-Gavitt, an Xbow AI researcher, defended the program’s effectiveness against skepticism.
- “The main difference is that all of the vulnerabilities reported here are real, many quite critical,” he responded to critics.
- Others pointed out that submissions from human security researchers on HackerOne can also be of low quality.
Business implications: Xbow’s parent company is capitalizing on the technology’s success to attract customers and investors.
- Bloomberg reports that the company recently raised $75 million through a new funding round.
- The timing of the results announcement coincides with the startup’s efforts to commercialize its automated vulnerability discovery platform.