
XBOW
by XBOW, Inc.
Autonomous AI agent that pentests web apps and validates exploits
Last reviewed 2026-06-19
XBOW is an autonomous AI offensive-security agent that continuously penetration-tests web applications. It reasons about attacks the way a human researcher would (probing for RCE, SQL injection, XSS, SSRF, XXE, path traversal, secret disclosure and more), then validates each exploit with deterministic, non-LLM code so confirmed findings carry very low false positives. In June 2025 XBOW became the first fully autonomous system to reach the top of HackerOne's US bug-bounty leaderboard. Detection and exploitation run autonomously within a defined scope, while XBOW's own security team reviews findings before any HackerOne submission to comply with HackerOne's policy on automated tooling, so there is a human checkpoint at the disclosure boundary. The product is proprietary and enterprise-sold. XBOW was founded in 2024 by Oege de Moor (creator of GitHub Copilot and GitHub Advanced Security) and reached a reported $1B+ valuation in 2026.
What it can do
Discover web vulnerabilities autonomously (Autonomous)
AI agents probe web apps for RCE, SQLi, XSS, SSRF, XXE, path traversal, cache poisoning, and secret or info disclosure within a defined scope.
Validate exploits deterministically (Autonomous)
Non-LLM, code-based verification confirms each finding, driving false positives toward zero.
Route across frontier LLMs per task (Autonomous)
Dynamically selects among frontier models to optimize attack reasoning for each step.
Integrate into security and dev workflows (Supervised)
Programmatic access plus integrations (e.g., Microsoft Security Copilot and Sentinel) feed and prioritize findings; humans review before disclosure.
Strengths
- Demonstrated real-world performance: first autonomous system to top HackerOne's US leaderboard
- Deterministic validation sharply cuts the false positives that plague LLM-based scanners
- Fast, continuous coverage that scales beyond human throughput
Limitations
- Still requires human review at the reporting and disclosure step, so it is not fully zero-touch for compliant submission
- Closed and proprietary with no public docs or pricing, limiting independent evaluation
- Scoped to web-app offensive testing; autonomous offensive tooling raises governance and misuse questions
Overview
XBOW is an autonomous AI agent for offensive security. It continuously pentests web applications, reasoning about attacks like a human researcher and then proving each one with deterministic code. The headline validation came in June 2025, when it became the first fully autonomous system to top HackerOne's US bug-bounty leaderboard.
What it does
XBOW probes web apps for a broad range of vulnerability classes (RCE, SQL injection, XSS, SSRF, XXE, path traversal, cache poisoning, secret disclosure) and then validates findings with non-LLM, code-based verification, which is what keeps false positives extremely low. It dynamically routes across frontier LLMs to optimize attack reasoning. Programmatic access and integrations (for example Microsoft Security Copilot and Sentinel) let it feed and prioritize findings inside enterprise workflows.
Autonomy and human review
Detection and exploitation are autonomous within scope. For compliance with HackerOne's policy on automated tooling, XBOW's security team reviews findings before submission, so the overall workflow keeps a human at the disclosure boundary. We classify the core agent as autonomous within guardrails, with supervised reporting.
Pricing
Enterprise, contact-sales. No public pricing.
Traction
XBOW was founded in 2024 by Oege de Moor (creator of GitHub Copilot) and Mike Horton. It raised a $20M seed (Sequoia, 2024), a further round in 2025, and a reported $120M Series C in March 2026 led by DFJ Growth and Northzone, valuing it above $1B.
Best for / not for
Best for enterprise security and AppSec teams that want continuous, high-throughput, low-false-positive web pentesting. Not a general-purpose security platform, and buyers must weigh governance considerations around autonomous offensive tooling.
Alternatives
Dropzone AI applies autonomous AI to the defensive side (SOC alert investigation), a useful contrast to XBOW's offensive focus.
What people are saying
We aggregate real LinkedIn discussion into sentiment for the agents people search most. XBOW isn't tracked yet.
FAQ
Is XBOW fully autonomous?
Vulnerability detection and exploitation run autonomously within a defined scope, which is genuinely end-to-end. However, XBOW's own security team reviews findings before submitting them to HackerOne, to comply with HackerOne's policy on automated tools, so there is a human checkpoint at disclosure.
What did XBOW achieve on HackerOne?
In June 2025, XBOW became the first fully autonomous system to reach the top of HackerOne's US bug-bounty leaderboard. Reporting across outlets cited on the order of a thousand vulnerabilities found over a roughly 90-day window; specific counts come from those reports rather than from this wiki.
Sources
- The road to Top 1: How XBOW did it (XBOW blog) · accessed 2026-06-19
- An AI-Driven Pen Tester Became a Top Bug Hunter on HackerOne (Dark Reading) · accessed 2026-06-19
- XBOW Raises $120M to Scale its Autonomous Hacker (BusinessWire) · accessed 2026-06-19