Hacktron AI

155 posts

Hacktron AI banner
Hacktron AI

Hacktron AI

@HacktronAI

Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO

Latent Space Katılım Nisan 2025
11 Takip Edilen3.9K Takipçiler
Sabitlenmiş Tweet
Hacktron AI
Hacktron AI@HacktronAI·
Introducing Hacktron Review: an AI security reviewer for your pull requests. It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production. Try for free: app.hacktron.ai
English
21
39
214
48K
Hacktron AI
Hacktron AI@HacktronAI·
GLM and DeepSeek are catching frontier models at finding vulnerabilities, and in some cases performing better than Opus 4.8. If open-weight models keep this trend for the next 6 months, we could move most of our workflow onto them and reserve frontier models for the critical parts: advising, orchestrating, and handling the hardest calls. At some point, excess intelligence becomes unnecessary for a lot of security workflows. Link below to read the blog.
Hacktron AI tweet media
English
3
0
11
1.1K
Hacktron AI retweetledi
zayne (zeyu) zhang
zayne (zeyu) zhang@zeyu1337·
New landing page! Fable was held in captivity for 72 hours to produce this. Websites can be beautiful!
English
5
1
89
9.8K
Hacktron AI
Hacktron AI@HacktronAI·
there is no way you’re going to make people read all their AI-generated code. it was already cognitively hard to review PRs when your colleagues were writing the code. now it’s even harder when AI is generating half of it. you should just assume people won’t read everything and put checks in the PR that surface vulnerabilities where the real risk is.
Hacktron AI tweet media
English
2
3
8
1.6K
Hacktron AI retweetledi
s1r1us (mohan)
s1r1us (mohan)@S1r1u5_·
I strongly believe most vulnerabilities never need to reach production if design and PR review are done well, but I don't think any team has the dev-to-security ratio to review every PR and design. Now it's possible with @HacktronAI. It's been reviewing every PR on @RocketChat, and since it's all open source, I can show you proofs, not plain marketing bullshit. 🧵
s1r1us (mohan) tweet media
English
1
5
58
4.3K
Hacktron AI
Hacktron AI@HacktronAI·
Each review ran in ~1-2 minutes, with accurate codebase and threat model context. As @juliocfa_, Director of Security at @RocketChat put it: "False positives become less frequent, improving accuracy and cutting the time spent triaging non-issues." hacktron.ai/customer-stori…
English
0
0
1
297
Hacktron AI
Hacktron AI@HacktronAI·
Hacktron now powers security review for every pull request in @RocketChat. In the first 20 days of integration, Rocket․Chat has found and fixed 17 real vulnerabilities, including a critical-severity account takeover (CVE-2026-55666), and a token replay attack (CVE-2026-55759).
Hacktron AI tweet media
English
1
3
9
1.7K
Hacktron AI
Hacktron AI@HacktronAI·
Almost every vulnerability we have exploited started as a pull request someone approved. That means your pull requests are not just code review events. They are security events too. Think about an open source project. A scanner finds a vulnerability and posts it right there as a public comment on the pull request: the full title, the description, the exact file and line. Great for the maintainer who has to fix it, but it’s also great for any hacker lurking around. The bug has been published before even closing it. So on public repos, Hacktron handles security issues differently. For findings outside the code a PR actually touched, the public comment shows only a link to view the details within the Hacktron platform. The real details stay private, visible to only the maintainers. Private and internal repos show full details as normal.
Hacktron AI tweet media
English
1
2
7
1.4K
Hacktron AI
Hacktron AI@HacktronAI·
Hacktron x @krispHQ Krisp is deployed on 200M+ devices, processes 80 billion minutes of voice conversations every month, and powers Discord's built-in AI noise suppression. At that scale, security is not just an internal priority. It is critical to Krisp and the customers who rely on them. Like many security teams, Krisp relied on traditional SAST tools, but high alert volumes and false positives made it difficult to separate real risk from noise. As engineering teams began using AI to ship software faster, Krisp needed a way to catch meaningful vulnerabilities earlier in the development process without slowing developers down or changing how teams work. Learn why Krisp partnered with Hacktron to bring an AI-native security workflow to their SDLC. Link below👇
Hacktron AI tweet media
English
1
3
14
4.1K
Hacktron AI retweetledi
zayne (zeyu) zhang
zayne (zeyu) zhang@zeyu1337·
Security only the branch of a willow tree could conjure. That's what you get when you work with a team obsessed with one thing: making security something you no longer have to obsess over. Not because security matters less, but because the real issues get surfaced automatically, without the false positives that come with them.
English
0
1
4
1.1K
Hacktron AI
Hacktron AI@HacktronAI·
🚨 NPM supply chain alert  🚨 There is an active compromise affecting Immobiliare packages. Check your dependency tree, remove affected packages, and rotate any secrets exposed in affected environments. github.com/immobiliare/ba…
Hacktron AI tweet media
English
1
3
14
1.8K
Hacktron AI retweetledi
Robert Chen
Robert Chen@NotDeGhost·
Anchor is secured by @HacktronAI Thanks to their open source program, all PRs get 24/7 coverage for security issues
Robert Chen tweet media
English
5
8
40
7.4K
Hacktron AI retweetledi
Rahul Maini
Rahul Maini@iamnoooob·
New blog: We show how a resurrected H2 INIT allows RCE into Metabase Cloud and taking over any tenant! Read the full write-up: hacktron.ai/blog/metabase-…
Rahul Maini tweet media
English
1
25
93
17.1K
Hacktron AI retweetledi
zayne (zeyu) zhang
zayne (zeyu) zhang@zeyu1337·
use the HacktronAI/dependency-scan GitHub action to check your dependencies against known malware & supply-chain compromises. this is the beginning of a broader effort! DMs open for feedback. github.com/hacktronai/dep…
zayne (zeyu) zhang tweet media
English
0
4
16
1.8K
Hacktron AI retweetledi
zayne (zeyu) zhang
zayne (zeyu) zhang@zeyu1337·
PSA: when you wake up, reach for your phone immediately. Do NOT scroll Instagram reels. Send a good morning message. Not to your girlfriend, to Claude. That way, you can start the clock for your 5 hour Claude Code usage limit while you freshen up and head to the office. At noon, the 5 hour window would have passed and the usage limit would reset. Then you can generate more shareholder value.
English
231
905
20.2K
1.1M