Ready to chat all things autonomous offensive security with our team at #RSAC? πΉ
From continuous pentesting to AI-enabled attacks, letβs explore together what your organization can do to stay ahead.
Connect with us at the event: https://bit.ly/4qWj9Db
Whatβs on the agenda at RSAC?
Our CISO, Nico Waisman, will join Jason Haddix, CEO and CISO at Arcanum Information Security, and OpenAI's Dave Aitel for a fireside chat diving into the βChaos Phaseβ and how AI is breaking the old security model.
Save your seat: https://bit.ly/402mXXQ
Autonomous pentesting is one click closer. π±οΈ
XBOW is now available on AWS Marketplace.
To mark the launch, AWS customers can get 50% off XBOW Lightspeed for a limited time: https://bit.ly/46YLctI
Traditional scanners flood teams with alerts. Triage becomes the bottleneck.
Autonomous pentesting chains static + dynamic testing and validates exploits before reporting.
No noise. No false positives. π Read the whitepaper: https://xbow.com/whitepaper/autonomous-pentesting-without-false-positives
π£ XBOW is now available on AWS Marketplace!
AWS customers can now purchase XBOW through their existing workflows & use committed spend, while getting pentest results in hours, backed by real exploit validation.
Read about the partnership & a limited-time 50% for XBOW Lightspeed: bit.ly/4qnVrPk
Aim for what matters every time. π―
Hear from our partner Rhymetec about how they conduct AI-powered pentesting in real-world deployments.
Hereβs what autonomous offensive security in action looks like: https://bit.ly/4q95DLc
Traditional DAST β dev-friendly.
That's why we go beyond traditional DAST, delivering AI-generated vulnerability reports that provide real exploit paths, app behavior, and code context, so teams can fix faster.
Read more in Tales from the Trace π https://bit.ly/4rr5Jz1
The AI arms race doesnβt mean defenders lose.
Our CEO, Oege de Moor, joined @economist.comβs new "Boss Class" podcast to discuss how AI is accelerating real-world pentesting and ultimately giving the good guys better tools.
Link in replies π
New look. Same mission. πΉ
Our visual identity is evolving, but our focus hasnβt changed: redefining how organizations think about offensive security by transforming application security with AI-powered, continuous offense.
Explore whatβs new: https://bit.ly/3ZDQVkx
Weβre thrilled to welcome WonLae Lee, a respected offensive security leader with decades of experience, as General Manager of South Korea. His leadership will play a key role as XBOW continues to grow across the Asia-Pacific region! https://bit.ly/49yjRR4
Chiton sample under a microscope showing its βeyesβ
Yes, but more like hundreds of eyeglasses! Image is a chiton sample under a microscope, by Richard L. Howey, from www.microscopy-uk.org.uk/mag/artmay16...
Not directly from rocks. The structures are formed biologically from Ca ions dissolved in the seawater (look up βbiomineralizationβ). Presumably chalk and limestone are good sources for the calcium to get into the seawater in the first place, but Iβm guessing at this point.
@dombrasted.bsky.social The eye lens is aragonite, a calcium carbonate crystal. They grow it, like they grow their shells. msi.ucsb.edu/news/unravel...
Huge appreciation to the Seznam team!
On their first demo, XBOW identified a critical vulnerability with zero access and zero prep, just autonomous offensive security doing real work for a real customer.
Itβs the kind of partnership that proves what matters.
www.youtube.com/watch?v=w4L2...
AI-enabled attackers have already accelerated.
The question: can your offensive security match their speed?
Next week at Black Hat Europe, weβre showing how autonomous offense closes the security scale gap with human-level testing in hours.
Let us show you how @ booth #215
Are you looking to do more astronomy in the coming year? Astronomy is all about resolution(s)!! Join Astro Everywhere at the Parkside Library on January 7th.
sfpl.org/events/2026/...
DM me if youβd like an employee discount on your first automated pentest!
Pentests that take weeks canβt secure software that changes daily.
XBOW Lightspeed uses autonomous multi-agent offense to deliver human-level testing in hours, with full exploit validation and continuous coverage.
xbow.com/pentest
It's been about six months since AE really took off as a business, and in that time we have now presented to more than 2000 people in our dome and other presentation spaces and about 700 people have been able to engage with our telescopes and other activities!
Here's to even more in the future!
Episode 23: War Stories with Brendan Dolan-Gavitt (XBOW)!
@tib3rius.bsky.social & @swiftsecur.bsky.social are joined by @moyix.net who shares some AI and human war stories with us!
Links below!
Astro Everywhereβs portable planetarium.
I sneakily took a candid photo of you working your tush off at Bay Area Science Festival this weekend.
What a weekend! From the Bay Area Science Festival at Mission Bay to the outer Sunset for the Great Hauntway, Astro Everywhere has been EVERYWHERE across SF. Anyone in North Beach need a telescope night?
Walk round to Tunnel Tops Park. Itβs not far from there and a much better view of the bridge.
Dutch late night TV has its take
1/ XBOW Unleashes GPT-5βs Hidden Hacking Power.Β
OpenAI
's initial assessment of GPT-5 showed modest cyber capabilities. But when integrated into the XBOW platform, we saw a completely different story: performance more than doubled.Β
More on what we found: π§΅
See autonomous pentesting live at #BlackHat!
Next week, XBOW will run on active HackerOne programs from the expo floor.
Watch AI agents find and validate real vulnsβfast.
π Booth 3257
Number 1 ππΊπ
The trick to how it did it is in this post: xbow.com/blog/xbow-ti... Some details below...
False positives waste your time.
False negatives cost you breaches.
At @BlackHatEvents , @moyix shows how XBOW agents fight false positives β validating real exploits at scale, in hours.
πAug 7 | 11:20am
From SSRF discovery to RCE exploitation in 32 iterations.
XBOW systematically analyzed TiTiler's expression parser, discovered Python execution through error patterns, then crafted payloads using subclass traversal to achieve command execution.
Complete analysis: bit.ly/46XzOiA
