XBOW

Expert-level pentesting. On demand. Starting today. → Launch in minutes → Results in 5 days → Validated, reproducible, compliance-ready 🗓️ Live demo walkthrough tomorrow: xbow.com/pentest-webinar

“A lot of the conjecture about how good this model is is based on source code scanning,” says CEO and CISO @Jhaddix in our recent LinkedIn Live session on “security in a post-Mythos world.” Hear more from the discussion between Jason and XBOW AI researcher @moyix below. Watch full discussion here: bit.ly/4mHo3Te

Can LLMs transform pentesting? Yes. But not in isolation. It takes more than a model to make AI pentesting truly enterprise-ready. Learn more below. Get full details in this blog post by XBOW's Head of AI @thewunderalbert: bit.ly/4cb0o90

Big milestone for XBOW and the industry 🚀 For the first time, an autonomous AI hacker ranked in the top 10 of @Microsoft’s Security Response Center leaderboard. In Q1 2026, XBOW ranked 7️⃣ Among the XBOW findings, in March’s Patch Tuesday, XBOW was credited with: • CVE-2026-21536 (critical RCE in Microsoft Devices Pricing Program) • CVE-2026-32194 + CVE-2026-32191 (critical Bing RCEs with potential SYSTEM-level access) More details in blog ⬇️ bit.ly/4bNBgWT

Yael Grauer notes in a recent Verge article on the Mythos-led “Attack of the killer script kiddies” that, “What’s happening now represents a major escalation, where people without technical backgrounds are able to use AI to enhance their capabilities in a way that wasn’t possible with simple scripts.” Read the full article: bit.ly/4tHeab4

@Forbes Check out our analysis here: xbow.com/blog/mythos-li…

Accessible, adept AI ✔️ XBOW tested GPT 5.5, and it’s a game-changer for the cybersecurity industry, enabling more teams to tap into the power of offensive AI security for a stronger defense. More in @forbes: bit.ly/4cMX4Bn

From automation to autonomy. Mathew Payne, Field Security at XBOW, took the stage at @BlackHatEvents Asia to break down what agentic AI means for offensive security testing—and why the shift is already underway. His talk, "From Automation to Autonomy,” focused on moving beyond scripted scans to systems that can reason, adapt, and validate real attack paths. Thanks to all of the teams that joined the #BHASIA session in Singapore and pushed the conversation forward.

The problem isn’t finding bugs anymore. It’s figuring out which ones actually matter. In just three hours, @moyix and @Jhaddix will take the virtual stage to break down how AI is helping security teams find, validate, and remediate vulnerabilities; and what it takes to separate signal from noise at scale. No more bottlenecks. Just clarity at scale. Haven’t registered for the LinkedIn Live yet? Lock your spot in now ⬇️ bit.ly/4mHo3Te

@bwgscrapb @moyix @Jhaddix Yes! You'll be able to access a recording of the discussion on the LinkedIn Live event page post-event: bit.ly/4mHo3Te

@Xbow @moyix @Jhaddix Will there be a recording?

If a vulnerability storm is coming, how do you prioritize and fix the ones that matter? Detection isn’t the bottleneck anymore. Validation is. 🗓️ On April 27 at 12 pm ET, @moyix and @Jhaddix break down how offensive security shifts when AI moves from surfacing findings to validating real impact. What gets automated. What still requires human intuition. And how teams cut through the noise. Register for the LinkedIn Live: bit.ly/4mHo3Te

GPT-5.5 is dramatically changing how AI performs in security testing. In our evals, it cut missed vulnerabilities to 10% (down from 40% in GPT-5). That’s not incremental; it’s a step change. Our Head of AI, Albert Ziegler, shares more in this @thenewstack article from @psawers: bit.ly/41OTPUZ

Nasdaq recognizing XBOW’s recent inclusion on the Enterprise Tech 30 list! One of 60 enterprise tech leaders chosen from more than 15,000 candidates, XBOW is grateful to be included on this list of the most promising venture-backed enterprise tech companies. “The theme for 2026 is agents moving from demo to production,” said @peter_wagner, founding partner at @Wing_VC and creator of the ET30. “Last year, we saw the rise of agentic applications. This year, those agents are being deployed and doing real work.” See full list: bit.ly/4mNzWHB

Hiding tools never worked in security. The vulnerability research invite-only lists, private clubs. Info always leaked, and insiders won. AI offense is the same problem at a different scale. OpenAI’s answer to Mythos: accountable access, not exclusivity. That’s how you close the gap: bit.ly/4sSFiCD

Anthropic’s Mythos raised the bar for AI vuln detection but kept it invite-only. GPT-5.5 is OpenAI’s answer, and it’s open to all. We had early access. Ran the benchmarks. Blackbox GPT-5.5 already beats whitebox GPT-5. Best pentesting model we’ve tested. Read our analysis: bit.ly/48OX7v6

We appreciate everyone who stopped by the XBOW booth at #AWSSummit London today. Strong conversations around continuous, exploit-validated testing—where agents prove real attack paths, not just surface findings. More events and opportunities to connect soon.

Claude Opus 4.7 is Anthropic's most capable generally available model, with notable improvements over its predecessor Opus 4.6 in software engineering, instruction following, and vision — but it is intentionally less capable than Anthropic's most powerful offering, Claude Mythos Preview,” says @MichaelFNunez in a new @VentureBeat article. The article breaks down the implications of the release of Opus 4.7, including results from XBOW’s early access that revealed a 98.5% score on our visual-acuity benchmark: bit.ly/3OyQuGw

The AI question that more should be asking: When do the open weights models become capable of crafting exploits as well as the frontier models? XBOW CEO Oege de Moor’s estimate: 6–8 months, and that window is already closing. See more from this Fireside Chat with @robtlee, Chief AI Officer and Chief of Research at the @SANSInstitute and XBOW CEO @oegerikus: bit.ly/422eZPo

Headed to StackX Cybersecurity 2026 by @GovTechSG? Join XBOW at Booth 20! Stop by to get a demo of our autonomous offensive security platform and see how you can get human-quality testing results with the speed and scale of a machine. Learn more: bit.ly/4suVFVL

Today, Anthropic released Opus 4.7. We were lucky enough to have early access. We have been working with the model for a while – evaluating it to understand how it actually behaves in real offensive workflows. Get details on our findings: bit.ly/3QgH1nE