An AI holds the top slot in a leaderboard that ranks people who hunt for system vulnerabilities used by hackers
In the world of cybercrime and hacking, the rise of AI has been a blessing, as it has given ne’er-do-wells even more ways to steal accounts, nab vital information, or phish you for money. All is not lost, though, as it turns out that there’s one AI that’s so good at finding security issues and vulnerabilities in code that it’s currently the leader in the US HackerOne leaderboard.
The company that developed the AI model is called Xbow (no, not Xbox) and it’s used the same name for the system itself. Xbow is also relatively new, as a Bloomberg report states that the start-up has only been around for a year. So far, it’s picked up $75 million in funding, but I suspect, given just how successful it’s been at finding security problems, that there will be more investors interested in getting involved.
What Xbow is doing isn’t exactly new, as ethical hackers have been using all kinds of automated tools to test and check code, websites, and the like for years. AI has been of particular interest more recently, of course, because if there is one thing that artificial intelligence models are good at, it’s trawling through vast amounts of data to find common patterns.
The Xbow AI carries out something called automated penetration testing, which simulates cyberattacks or any kind of systematic abuse of security vulnerabilities in code. In the past, this has been done somewhat manually, making the whole process very time-consuming and therefore costly. It’s sometimes so expensive that some companies will just fire out code without ensuring that it’s memory-safe.
Given that Xbow currently tops the US HackerOne leaderboard, it’s clearly doing a good job. That said, it’s not perfect, and part of that is down to AI hallucination, where the model spits out an entirely wrong answer because it’s come across data that it’s never been trained on, or at the very least not trained on enough. Xbow, the company that is, gets around this issue by manually vetting each reported issue.
There’s also the fact that the AI has no notion of context. For example, as Xbow co-founder Oege de Moor told Bloomberg, “it needs to be explicitly told when looking at a medical website that prescriptions should be kept private.”
Given just how important it is for code to be memory-safe these days, meaning programs don’t produce unexpected errors in memory that make them vulnerable to attack, I dare say that we’re going to see a lot more start-ups and projects like Xbow appearing in the next few years. And if they all happen to be machine-powered but human-verified, for the ultimate in speed and accuracy, then that’s surely one great thing we’ll be able to say AI has done for us all.