Hacktron AI

96 posts


@HacktronAI

Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO

Latent Space · Joined April 2025
10 Following · 3.3K Followers

Hacktron AI retweeted
Hacktron AI @HacktronAI
Cloudflare built a Next.js replacement in a week with vibe-coding. We vibe-hacked and found numerous vulnerabilities, multiple critical and high severity. On Cloudflare Workers, one of the bugs leaks one user's session to another by default. hacktron.ai/blog/hacking-c…

Hacktron AI retweeted
zayne (zeyu) zhang @zeyu1337
We just shipped organizations in Hacktron. You can now:
• collaborate with your team in a shared workspace
• centralize billing
• run code reviews and penetration tests for the whole org

Once users join your organization, you can select between two seat types:
• Security Seat: Hacktron CLI + IDE extensions, 500 credits/month
• Developer Seat: security reviews for PRs + commits authored by that developer

The organization creator gets 200 CLI + IDE credits/month for free. Existing users should already see this applied to their new org workspace.

PR review and penetration tests are currently in private beta. We expect PR review general availability within the next month. If you would like early access, please book a time with our team at hacktron.ai/calendar or email us at hello@hacktron.ai.

Hacktron AI @HacktronAI
We found this vulnerability back in July 2025 and were too lazy to publish at the time. We’re sharing it now, months later, purely as an educational resource for developers building Electron-based AI agents. Everything in this post is based on our analysis of Cluely as it existed back then. We have not been following Cluely’s development since, and for all we know they may have significantly improved their security posture and practices.

Hacktron AI @HacktronAI
We found a vulnerability in Cluely that could've turned it into malware. Link to blog in comments:

Hacktron AI @HacktronAI
We found an RCE in Google's AI code editor Antigravity - $10000 Bounty
Link to the blog in comments:

Hacktron AI @HacktronAI
🚨 CVE-2026-1731 🚨 Our team discovered a critical pre-auth RCE affecting BeyondTrust Remote Support & Privileged Remote Access. SaaS/Cloud instances have been patched. If you're running self-hosted deployments, apply the patches immediately. More info in the comments.

Hacktron AI @HacktronAI
We're excited to announce that Hacktron has successfully achieved compliance with the SOC 2 framework. By undergoing a comprehensive audit conducted by a reputable third-party firm, we have demonstrated our ability to effectively manage security risks and protect customer data. This allows us to work better with customers who require SOC 2 compliance, or are otherwise interested in our security posture. Because we build security software, we hold ourselves to the same standards we expect from every vendor we trust. Hacktron is built on dogfooding: we run our own product continuously across our entire software development lifecycle to surface vulnerabilities early and often. SOC 2 compliance is external validation of that discipline, and a signal to customers that our security posture, processes, and platform are designed to earn trust in real production environments. We extend our sincere appreciation to Insight Assurance for their thorough evaluation and validation of our compliance efforts, and Vanta for their platform and support.

Hacktron AI @HacktronAI
Happy holidays! To celebrate the end of a great year, we are giving away 500 Hacktron CLI credits (worth $20) to 10 people!
1. Sign up to Hacktron
2. Run the Hacktron CLI on a codebase and give it a vulnerability research task
3. Share the bug you found on social media and tag us in the post

This is a perfect chance to try out our new vulnerability scan planning and Hacktron Skills features! Winners will be announced next week. docs.hacktron.ai

Hacktron AI @HacktronAI
Introducing a new way to control how vulnerability scanning tasks are done in the Hacktron CLI. When you give a security audit task to Hacktron in an interactive session, it enters deep vulnerability research mode. Hacktron automatically identifies and utilises the most suitable agents to perform the task. You can now customise this vulnerability scanning plan by editing both known patterns and AI-suggested ones. Happy holidays, and have fun hacking!

Hacktron AI @HacktronAI
🤖🤝🧑‍🔧
s1r1us (mohan) @S1r1u5_

Hacktron Research is leading in @vercel react2shell WAF challenge with $150,000 in bounties. This is the shit that keeps me up. building @HacktronAI to bring the best of hackers and AI together, and to be in the loop when hacks like this happen or find before they happen. your goodhart's-law-optimized “completely autonomous AI pentester” isn’t doing this shit. it's too busy selling snake oil.


Hacktron AI retweeted
thomas🌦 @zemnmez
Hacktron worked closely with us on this and we had a fix out in two hours. We made some sound security decisions early on that prevented the agent getting compromised. We’re always thankful when we get great security research like this from the community. bugcrowd.com/openai
s1r1us (mohan) @S1r1u5_

Part 3 of our Hacking AI Apps series. This time we hacked OpenAI Atlas Browser: A vulnerability that let us control tabs, leak browsing activity, and hijack your Reddit/Facebook accounts by stealing OAuth tokens. hacktron.ai/blog/hacking-o… Stay tuned for Part 4: Antigravity!
