Serving technology enthusiasts for more than 25 years. TechSpot is the place to go for tech advice and analysis you can trust.
Was just said? A year after its founding in 2013, cybersecurity startup Xbow is at the top of HackerOne’s leaderboard. This platform ranks the most effective bug hunters based on the number and severity vulnerabilities they discover for major companies. This is the first time that an artificial intelligence system has topped the list, beating out thousands of ethical hackers and security experts who have traditionally dominated this field.
Xbow’s rapid
Ascent shows how artificial intelligence is changing the landscape of software safety. The AI-driven tool
HackerOne has given a score of “reputation” to a team led Oege de Moor. This is almost 25 percent higher than the closest human competitor. Since its launch, Xbow’s software has identified hundreds flaws in products from companies such as Toyota, Disney and IBM.
Xbow’s technology operates by autonomously performing penetration testing. This is a process in which systems are probed to find weaknesses that malicious actors can exploit. Unlike traditional red team engagements, which can take weeks of manual work and cost tens or even hundreds of thousands of dollars, Xbow AI can scan continuously for vulnerabilities in a fraction the time and at a fraction the cost. The system relies on a series automated peer reviewers who verify the validity of each finding. This reduces the need for human involvement and minimizes false positives.
Xbow’s effectiveness has been validated through industry-standard benchmarks. The AI has autonomously passed 75 percent of web security benchmarks from recognized providers, and when tested on a set of novel challenges designed to prevent recycled solutions, it solved 85 percent of them. This demonstrates not only its ability to detect known flaws but also to generate original solutions to new problems.
The company’s momentum has attracted significant
InvestmentIn its first full year, Xbow received over $117 million from prominent investors, including former GitHub CEO Nat Friedman, and venture capital firms like Sequoia Capital, and Altoimeter Capital.
– XBOW, @Xbow, June 24, 2025.
Despite Xbow’s success, it faces the same challenges as other AI systems. Some of the reports were marked as duplicates, or only informative. Human teams had to filter out the less useful findings. The technology is also unable to handle vulnerabilities that are a result of business logic or contextual nuances such as privacy rules unique to certain industries. These still require explicit guidance.
As AI tools like Xbow are more common, the cybersecurity field enters a new era in which machines defend – and at times attack – each other. Xbow’s developers argue that this technology is crucial to help defenders stay on top of the game. “We can, for the first time, have a good hope that defenders can find and fix all the vulnerabilities before a system goes out,” de Moor said The Economic Times.
