Strix

You can read the full timeline, the technical breakdown, and how Strix's parallel agents validated the flaw on our blog here: 🔗 strix.ai/blog/how-strix…

We reached out for the correct channel to responsibly disclose in December. On May 1, they replied and patched the exposed endpoints.

We found a zero-authorization vulnerability in an a16z-backed DoD startup that exposed the data of active U.S. military personnel. We tried to report it. They ignored us for 150 days. Here is how our open-source AI agent found the ultimate OPSEC nightmare 🧵👇

Introducing Context-Aware Pentesting in Strix The hardest vulnerabilities in modern apps are no longer simple code bugs. They depend on understanding your architecture, user flows, roles, and business logic, which is where most automated pentesting still falls short. Strix now brings persistent organizational context to every pentest, giving each run knowledge of your stack and learning from every finding and fix, so it can uncover the business logic and access control flaws generic testing misses. strix.ai/blog/context-a…

Check out our repo: github.com/usestrix/strix

Try now: strix.ai

Introducing Strix PR Security Reviews Developers are shipping faster than ever with AI. But making sure code is secure is now the real bottleneck. Strix brings continuous pentesting to every pull request, with runtime validation and proof-of-exploit, blocking vulnerable code before it reaches production so teams can ship fast with confidence. strix.ai/blog/pentestin…

Strix found a critical auth bypass in etcd, one of the most used open-source components in cloud infrastructure. Now published as CVE-2026-33413 (CVSS 8.8). Read the full writeup: strix.ai/blog/where-oth…

Check out our repo: github.com/usestrix/strix

Get started: strix.ai

Introducing the new Strix Platform: continuous pentesting for modern apps. Strix is an open-source framework for autonomous pentesting across apps, APIs, and repositories - helping teams find and validate vulnerabilities, generate fixes, and secure software faster. Since our launch, we’ve had: - 80,000+ users worldwide - 15B+ LLM tokens processed daily - 78,000+ vulnerabilities reported - multiple CVEs assigned - deployed by enterprise security teams worldwide Today, we’re launching the Strix Platform for teams that want to run Strix continuously. With Strix Platform, teams can: - pentest their full stack continuously - block vulnerable PRs from merge - validate findings with proof-of-exploit - get merge-ready fixes - retest automatically - track security posture over time Security shouldn’t be your bottleneck. Strix helps you ship faster and deploy with confidence. Try it now 🔗↓ strix.ai/blog/introduci…

Adding on to this, we have our agent trying to find more about this attack and besides the ifstap@proton.me mail mentioned in the gist, the payload package was published by nrwise@proton.me, a separate attacker account. Will share more as we dig deeper.

Excited to announce our partnership with @CaidoIO. Together, we're advancing agentic pentesting with more precise and controlled workflows for security teams. strix.ai/blog/partnerin…

Strix just hit 10K Stars, in under 3 months✨ It’s been a crazy week seeing our metrics and usage almost double every day for both the hosted and the OSS versions. Now ranked #1 trending repo this week and #3 for the month. Let’s go 🚀

Today we're launching Strix v2 - Open-source AI hackers to find and fix your app’s vulnerabilities We first launched Strix just a month ago. Since then, it’s grown to ~2,000 stars on GitHub and 8,000+ downloads. Now Strix is used by: • Security teams at Fortune 500s • Top 1% bug bounty hunters on HackerOne • Major auditing & compliance firms Finding 100s of critical vulnerabilities in production systems and OSS projects.