Resources

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Blog

Dec 5, 2025

React2Shell (CVE-2025-55182): A Wake-Up Call for Modern Web Security and How XBOW Helps You Respond

Nico Waisman

Video

Dec 1, 2025

XBOW in Action: Move Faster, Attack Smarter

Video

Nov 27, 2025

200 Zero-Days, Zero False Positives: How XBOW Scales AI Exploitation

Video

Nov 24, 2025

Inside XBOW Lightspeed: Pentest On Demand

Blog

Nov 18, 2025

How Companies Can Test Their Systems Against AI-powered Attacks Like GTG-1002

Aqeel Siddiqui

Blog

Nov 14, 2025

‍Autonomous Offense IRL: What Anthropic’s GTG‑1002 Exposes, and How We Scale the Fight Back

Nico Waisman

Blog

Nov 12, 2025

Stop Scheduling Security. Start Securing with XBOW Lightspeed Pentest On-Demand.

Oege de Moor

Blog

Nov 6, 2025

BloomPath AI Accelerates SOC 2 Readiness with Autonomous Pentesting using XBOW

Blog

Nov 3, 2025

From HackerOne’s leaderboard to the NYSE Floor: Our Journey to the Cyber60

Nico Waisman

Blog

Oct 9, 2025

Tales from the Trace: How Agentic AI Merges Static and Dynamic Testing

Ray Kelly

Alvaro Muñoz

Blog

Sep 30, 2025

Cooking an SQL Injection Vulnerability in Chef Automate

Javier Gil

Blog

Sep 24, 2025

The Chaos Phase: How AI is Transforming Cybersecurity Threats

Oege de Moor

Blog

Sep 23, 2025

CVE-2025-27888: Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint

Nico Waisman

Blog

Aug 18, 2025

Empowering Defenders in the Age of AI: My Journey to XBOW

Niroshan Rajadurai

Blog

Aug 18, 2025

XBOW on HackerOne: What’s Next

Nico Waisman

Blog

Aug 15, 2025

XBOW Unleashes GPT-5’s Hidden Hacking Power, Doubling Performance

Oege de Moor

Albert Ziegler

Blog

Aug 13, 2025

Black Hat & DEF CON: Running XBOW Live, Presentation Slides, and The Talk You Didn’t Miss

Nico Waisman

Blog

Aug 5, 2025

XBOW Partners with Vanta to Bring Autonomous Penetration Testing to Startups

Joanna Clifton

Blog

Jul 31, 2025

The campaign is not available in your country: XBOW discovered an SQLi while attempting to bypass geolocation restrictions.

Nico Waisman

Blog

Jul 28, 2025

Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle

Alvaro Muñoz

Blog

Jul 24, 2025

Beyond the Bands: Exploiting TiTiler’s Expression Parser for Remote Code Execution

Alvaro Muñoz

Blog

Jul 21, 2025

How XBOW turned a JavaScript hint into a working file inclusion

Nico Waisman

Blog

Jul 17, 2025

Agents Built From Alloys

Albert Ziegler

Blog

Jul 14, 2025

XBOW battles Ninja Tables: Who’s the Real Ninja?

Alvaro Muñoz

Blog

Jul 10, 2025

When the Heat Gets to Your Database: A Refreshing SQL Injection Discovery in Z-Push

Javier Gil

Blog

Jul 7, 2025

Finding XSS in Salesforce Aura Components: How XBOW Got Creative

Diego Jurado

Blog

Jun 30, 2025

CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

Diego Jurado

Blog

Jun 24, 2025

Breaking the Shield: How XBOW Discovered Multiple XSS Vulnerabilities in Palo Alto’s GlobalProtect VPN

Alvaro Muñoz

Blog

Jun 24, 2025

Taking the Top Hacker in the US to New Heights: XBOW Raises $75M Series B

Oege de Moor

Blog

Jun 24, 2025

The road to Top 1: How XBOW did it

Nico Waisman

Blog

Dec 20, 2024

The Nightmare Before Christmas: An arbitrary file download on Zoo-Project

Nico Waisman

Blog

Dec 13, 2024

Stored Cross-Site Scripting (XSS) in 2FAuth

Diego Jurado

Blog

Dec 2, 2024

LabsAI’s EDDI project path traversal

Diego Jurado

Blog

Nov 22, 2024

SSRF & URI validation bypass in 2FAuth

Nico Waisman

Blog

Nov 13, 2024

How XBOW found a Scoold authentication bypass

Nico Waisman

Blog

Nov 9, 2024

XBOW validation benchmarks: show me the numbers!

Nico Waisman

Blog

Aug 5, 2024

XBOW now matches the capabilities of a top human pentester

Oege de Moor

Blog

Jul 17, 2024

Breaking Crypto with XBOW

Brendan Dolan‑Gavitt

Blog

Jul 15, 2024

Introducing XBOW

Oege de Moor

Blog

Jul 30, 2023

Sequoia Capital leads $20M seed round in XBOW

Oege de Moor