Hacktron AI

117 posts

@HacktronAI

Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO

Latent Space · Joined April 2025
10 Following · 3.5K Followers

Pinned Tweet
Hacktron AI (@HacktronAI):
Introducing Hacktron Review: an AI security reviewer for your pull requests. It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production. Try for free: app.hacktron.ai

Hacktron AI (@HacktronAI):
Hacktron ❤️ Open Source TL;DR: If you maintain an open source project, we want to give you Hacktron Review for free. Because giving maintainers the same capabilities as attackers would otherwise use against them felt like the right thing to do. hacktron.ai/blog/hacktron-…

Hacktron AI retweeted
s1r1us (mohan) (@S1r1u5_):
Next.js v16.2.5 fixes a bunch of vulnerabilities reported by @HacktronAI. Patch ASAP, especially if you’re running self-hosted Next.js; that SSRF might affect you.
CVE-2026-44574: Middleware / Proxy bypass via dynamic route parameter injection
CVE-2026-44578: SSRF in applications using WebSocket upgrades
CVE-2026-44581: XSS in App Router applications using CSP nonces

Hacktron AI retweeted
s1r1us (mohan) (@S1r1u5_):
when react2shell hit last year, i think vercel handled it brilliantly. to protect their users, they paid $50,000 for every bypass researchers could find. we decided to participate, and ended up earning $170,000. read how we did it here: hacktron.ai/blog/react2she…

Hacktron AI (@HacktronAI):
TL;DR: If a large model finds a 0day with 90% probability, and a small model with 50% probability, but the small model costs 10x less, it is better to use the small model.

Hacktron AI (@HacktronAI):
Mythos showed that frontier models can find complex vulnerabilities with a skilled operator in the loop. But for applications that don't have the complexity of a JIT compiler, we found that smaller models run repeatedly can outperform larger frontier models on cost-to-recall. hacktron.ai/blog/why-mytho…

Hacktron AI (@HacktronAI):
Hacktron automatically closes issues once they’re fixed, keeping stale findings out of your backlog. It sends real-time alerts to Slack, and creates Linear tickets so remediation fits into the workflow your team already uses.

Hacktron AI (@HacktronAI):
"Mohan Pedhapati (@S1r1u5_), CTO of Hacktron, described how he used Opus 4.6 to create a full exploit chain targeting the V8 JavaScript engine in Chrome 138, which is bundled into current versions of Discord." theregister.com/2026/04/17/cla…

Hacktron AI retweeted
zayne (zeyu) zhang (@zeyu1337):
We won 2nd place at Vercel's AI Accelerator Demo Day and I've been told on very short notice that today is Vercel Day on Product Hunt and to do a launch on it. So here it is. We would love to have your support: producthunt.com/products/hackt…

Hacktron AI retweeted
zayne (zeyu) zhang (@zeyu1337):
We're demo-ing at @vercel's AI Accelerator Demo Day tomorrow. Throughout the not-so-long history of Hacktron, we've prioritized responsible disclosure of vulnerabilities we identify through the benchmarking and testing of our capabilities. Here's what we've found 🧵👇

Hacktron AI retweeted
s1r1us (mohan) (@S1r1u5_):
hi @AnthropicAI, our request to remove claude safeguards was denied. we would really appreciate a reconsider, we're not just any company. mythos access would be great too 😉 check the thread for our work securing AI & OSS products like Atlas, Antigravity, Windsurf 🧵👇