Show HN: Xbow raised $117M to build AI hackers, I open-sourced it for free
5 days ago
- #AI Security
- #Penetration Testing
- #Automated Hacking
- Strix are autonomous AI agents that act like real hackers, running code dynamically to find and validate vulnerabilities.
- Designed for developers and security teams, offering fast, accurate security testing without manual pentesting overhead.
- Features include a full arsenal of hacker tools, real validation through exploitation, developer-first integration, and auto-fix and reporting.
- Capabilities cover HTTP proxy, browser automation, terminal environments, Python runtime, reconnaissance, and code analysis.
- Targets several vulnerability classes: access control, injection, server-side, client-side, business logic, authentication, and infrastructure.
- Supports distributed workflows, scalable testing, and dynamic coordination among agents.
- Usage examples: local codebase analysis, repository security review, web application assessment, focused testing.
- Requires configuring an AI provider (e.g., OpenAI GPT-5) and an API key.
- Managed platform offers executive dashboards, custom models, CI/CD integration, large-scale scanning, and enterprise support.
- Operates in container isolation with local processing; currently in Alpha with rapid updates expected.
- Warning: Only test systems with permission; ethical and legal use is the user's responsibility.