An AI-driven pen tester became a top bug hunter on HackerOne


XBOW's AI-powered penetration testing tool became the first non-human to top HackerOne's US leaderboard, reporting 285 vulnerabilities. Associate Professor Brendan Dolan-Gavitt, who leads XBOW, explained that their success comes from using deterministic validation rather than LLMs to verify findings. "Hopefully, I've given you lots of good reasons not to trust language models when they tell you there's a vulnerability," Dolan-Gavitt said, advocating for non-AI verification methods.