Joined March 2012
Kyle Bhiro retweeted
Last week I demoed Apex, our open source AI pentesting agent, at AI Agents Demo Night in NYC at The Refinery at Domino. Live on stage, we hacked a financial institution in under 3 minutes. Apex doesn't just scan for textbook vulnerabilities. It digs into your infrastructure, finds what's exposed, maps out business logic flows that attackers could abuse, and exploits novel attack paths autonomously. I showed it discover an FTP server, identify write access, and deface the target site, all live in front of a packed room. No scripts. No playbooks. Just a prompt and a target. This is what attackers can do now. The question is whether you find the holes first. Demoed alongside @cognition, @clay, @justworks, @normativeai, North Cloud, and @trywindmill. Huge thanks to @TechNYC, @obviously_nyc, The Refinery at Domino, and our team at @runpensar for putting this together. Apex is open source. Link below, go break some things (legally).
Kyle Bhiro retweeted
If you are an open source maintainer and are worried about what's going on in security - we @runpensar want to sponsor continuously securing your project. Reach out to me via DM or email us at team(at)pensarai(dot)com
If finding security flaws is fully automated with frontier models à la Mythos, then GitHub should have a metric, like stars, showing how much compute is spent securing/hardening an open-source package. Example: 📦 linus/linux ⭐️ 200k 🦾 $239M Only way OSS can be trusted.
Kyle Bhiro retweeted
This will keep happening with increased frequency. So many hypergrowth startups relying on AI to build faster, accumulating financial crisis levels of security debt (we’ll hire someone to secure it later!) AI native startups are now a critical and least defended node in the enterprise attack surface.
Mercor AI has allegedly been breached by Lapsus
939GB of source code
4TB of data in total
All data from their TailScale VPN
@mercor_ai
Kyle Bhiro retweeted
Automatic security companies going to go crazy after Axios, Mercor and now Claude code. @runpensar is one I can think of
Claude code source code has been leaked via a map file in their npm registry! Code: pub-aea8527898604c1bbb12468b…
Kyle Bhiro retweeted
Mar 31
🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages.

The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise.

This is textbook supply chain installer malware. axios has 100M weekly downloads. Every npm install pulling the latest version is potentially compromised right now.

Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence

If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.
Kyle Bhiro retweeted
We've been quiet the last few months. That was intentional. We've been working directly with real companies, real systems, and real constraints - making sure what we're building doesn't just work in controlled environments, but is mission-critical ready.

Today, we're showing what we've been building. Introducing Pensar Apex - an AI-powered penetration testing agent that runs directly in your terminal. This isn't a wrapper or a chatbot. It's an autonomous agent that explores an application like a real tester, reasons about vulnerabilities, and chains multi-step attack paths. All from a single command.

We've been dogfooding Apex on our own codebase for months, and enterprise customers have been running our cloud-hosted version against their environments. The results have sharpened the product considerably - nothing teaches you what "reliable" actually means like staking your own security on it.

But the real breakthrough wasn't just building the agent - it was building a reliable validation system around it. One that forces the agent to deterministically verify its findings, continuously test its own hypotheses, and prove exploitability before reporting anything. Because agents are easy to demo, trustworthy agents are hard to build. That shift changed everything for us. Less guessing, more proving. Less noise, more signal.

And via our cloud hosted offering, it can slot directly into your CI/CD pipeline - giving you continuous, validated pentesting results on every commit. Not periodic assessments that go stale the moment code changes. Continuous proof that your application holds up, running alongside your tests.

This is what we think the new paradigm looks like: pentesting that lives in your development workflow, not outside of it. If you're a developer, you can run a pentest in minutes. If you're a security engineer, you can push it much further. Try it, break it, and tell us where it falls short. We've got a lot more coming.
Kyle Bhiro retweeted
Our autonomous pentesting agent just outperformed the two most popular open source offensive security agents on a benchmark of 60 modern, defense-enabled web apps. Battle-tested in production against our customers' environments from startups to financial institutions, Apex consistently finds and exploits critical vulnerabilities other agents and humans miss. Today we're releasing it open source alongside our internal benchmarks.
Kyle Bhiro retweeted
There’s been a lot of criticism of MCP lately, and I've felt the sentiment myself. But the discussion is circling a deeper shift that APIs are becoming the UX for agents. Humans tolerate messy APIs because we read docs, infer intent, and adapt. Agents don’t. They rely almost entirely on the semantic structure you expose. So the real design question becomes "how much meaning lives in your schema?" The better the interface communicates the system, the less intelligence the agent needs to use it.
Kyle Bhiro retweeted
We’re talking about sandboxes and security today at @daytonaio Compute! Great to chat with @shcallaway on how his new company @sazabi is using sandboxes to build the future of AI native observability
Kyle Bhiro retweeted
Tuesday 2/10
‣ Galentine's Vibe Coding Night with v0 luma.com/b9vx5saz @ceciaramitaro @maddiedreese
‣ Hacking Agents February Meetup luma.com/utvcobkp @ratothebec
‣ Zero to Enterprise luma.com/h7fta8dx @runpensar @kylebhiro
‣ Women in AI: San Francisco Happy Hour hosted by Anything luma.com/mo4kyop9 @zariazinn @anything
‣ AI Journal Club for Researchers ft. Ben Coleman (Google Deepmind) luma.com/uglaf7c5 @workato
Kyle Bhiro retweeted
“did opus-4.6 fast brutally frame mog gpt-5.3-codex?”
Kyle Bhiro retweeted
If you want to see where AI security risk exists in OpenClaw or your agents go check out app.vairde.ai 👀👀👀👀 WE LAUNCHED 👀👀👀👀
Kyle Bhiro retweeted
Jan 15
pulling up your 15 claude code tabs in the morning
Micro Center, Brooklyn
Kyle Bhiro retweeted
@AirMacNair24 has joined Pensar as Head of Growth! Joe’s experience spans sales, customer success, account management, and strategy. In his previous role, he was #1 in pentest sales across early stage, mid-market and enterprise accounts. Joe understands every stage of the pentest lifecycle, from initial scoping to final reporting and compliance readiness. His end-to-end knowledge positions him perfectly to help organizations leverage Pensar’s on-demand pentests for their security needs. Welcome, Joe!
Kyle Bhiro retweeted
I gave Apex, our pentesting agent, the Playwright MCP and ran it against internal benchmarks.
It registered an account on its own—hit auth-protected endpoints, found the signup flow, created credentials, and continued the pentest authenticated.
No instruction to do this. It just figured out that's what it needed to continue the attack chain.
Kyle Bhiro retweeted
Shai Hulud 2.0 was a wake-up call. Hear from @Feross, Founder & CEO of @SocketSecurity, on supply chain attacks and what's next. Full episode is out now!
Kyle Bhiro retweeted
Speed, security and statefulness for AI code. Ep. 19 @ivanburazin, Co-Founder and CEO of @daytonaio is out now!