XBOW, an autonomous penetration tester, has reached the top spot on HackerOne

(xbow.com)

283 points summarity | 1 comments | 24 Jun 25 15:53 UTC | HN request time: 0.253s | source

Show context

jekwoooooe ◴[24 Jun 25 18:23 UTC] No.44369157[source]▶

They should ban this or else they will get swallowed up and companies will stop working with them. The last thing I want is a bunch of llm slop sent to me faster than a human would

replies(2): >>44369219 #>>44369231 #

danmcs ◴[24 Jun 25 18:31 UTC] No.44369231[source]▶

>>44369157 #

HackerOne was already useless years before LLMs. Vulnerability scanning was already automated.

When we put our product on there, roughly 2019, the enterprising hackers ran their scanners, submitted everything they found as the highest possible severity to attempt to maximize their payout, and moved on. We wasted time triaging all the stuff they submitted that was nonsense, got nothing valuable out of the engagement, and dropped HackerOne at the end of the contract.

You'd be much better off contracting a competent engineering security firm to inspect your codebase and infrastructure.

replies(2): >>44369339 #>>44371667 #

1. strken ◴[24 Jun 25 22:21 UTC] No.44371667[source]▶

>>44369231 #

We still get reports for such major issues as "this unused domain held my connection for ten seconds and then timed out, which broke the badly-written SQL injection scanner I found on GitHub and ran without understanding".

↑