Real, exploitable vulnerabilities. No noise. Nuclei scans fast. Neo closes the loop. @pdnuclei × @neo_ai_engineer

Joined July 2019
Pinned Tweet
Introducing depx - open-source malicious package & supply-chain intelligence, in your terminal. Hijacked publishes, credential stealers, install-script backdoors. depx tells you in seconds if they're in your dependency tree.
→ Live feed of newly disclosed malicious packages, refreshed hourly
→ Audit lockfiles & SBOMs: npm, PyPI, Go, Cargo, RubyGems, Maven
→ Scan entire GitHub orgs via dependency-graph SBOMs
→ CI-ready: SARIF export, JSON output
Passive, local-first, and fast. Powered by @openssf Malicious Packages data and a live curated intel feed via @grok API.
78% of security practitioners rank secrets exposure as the top challenge introduced or amplified by AI-assisted coding. As developers move faster with AI tools, API keys, credentials, and hardcoded secrets are slipping into codebases at an unprecedented rate. Speed shouldn't come at the cost of exposure. Read ProjectDiscovery's complete 2026 AI Coding Impact Report to see how modern teams balance speed with vulnerability management. Get the data now → projectdiscovery.io/research…
Want help with those old, neglected issues piling up in your tracker? This was actually the very first use case of Neo. You can bring your old findings straight into Neo from whatever tracker you're using. Neo handles the messy work: it understands the nuances and validates everything, helping you get your backlog under complete control. projectdiscovery.io/request-…
ProjectDiscovery retweeted
@pdiscoveryio has had a huge impact on the bug bounty community with tools like Nuclei, Httpx, Katana, Subfinder, Naabu, and many more. But beyond the popular tools, they have built several lesser-known gems that can make recon, validation, and vulnerability research much easier. Here's a thread on some underrated ProjectDiscovery tools worth checking out 👇 #BugBounty #CyberSecurity #InfoSec #Recon #ProjectDiscovery
Neo uncovered 22 confirmed CVEs across 13 popular open-source projects, including critical issues such as authentication bypasses and remote code execution. It addresses the biggest pain point in AI security: moving beyond noisy false positives to actually prove vulnerabilities exist with working exploits and pentest-grade evidence. Read the full deep dive on how Neo bridges the gap between finding bugs and validating them: projectdiscovery.io/request-…
According to @ehrishiraj, CEO & Co-Founder of Project Discovery, the bottleneck in security isn't finding vulnerabilities. It's fixing them. Listen to Rishi on @VentureWithKyle to break down why AI-assisted detection is outpacing remediation, and what has to change before that gap becomes a serious problem: podcasts.apple.com/us/podcas…
Neo slashed LLM costs by 59% (and up to 70% recently) using a clever prompt caching strategy. Unlike standard AI chatbots that reprocess entire conversations, Neo uses a "relocation trick" to keep static system prompts and tool definitions in cache, only paying for the dynamic parts of complex, multi-step security tasks. This makes running continuous, deep-dive vulnerability assessments economically viable at a scale normal AI workflows can't match. Check out our blog to understand how we did it: projectdiscovery.io/blog/how…
Introducing dynamic testing tools in Neo: a proxy, parallel browser agents, and a shared data layer that lets teams and agents test together from the same live context.
Engineering teams are using AI coding assistants to ship faster than ever, but security is lagging behind. Read ProjectDiscovery's complete 2026 AI Coding Impact Report to see how modern teams balance speed with vulnerability management. You'll learn:
- The AI acceleration effect
- The real risk surface
- The triage trap
- The noise problem
Get the data now → projectdiscovery.io/research…
ProjectDiscovery retweeted
🚨 CVE-2026-0257 - Palo Alto Networks PAN-OS - Authentication Bypass 🔍 Nuclei Template: cloud.projectdiscovery.io/li… 📑 Reference: rapid7.com/blog/post/etr-rap… #kev #authbypass #bugbounty
ProjectDiscovery retweeted
We've added Nuclei templates for both CVEs to help quickly validate affected instances.
- CVE-2026-42271 (LiteLLM): github.com/projectdiscovery/…
- CVE-2026-48710 (Starlette BadHost): github.com/projectdiscovery/…
🚨 We validated a way to turn an "authenticated" LiteLLM RCE into an unauthenticated one. Rapid Response test now available.
Bug bounty hunters using AI are flooding programs with reports. Rishi Sharma [@ehrishiraj], CEO of Project Discovery, argues the real story isn't the noise. It's that attackers are moving just as fast, and the defenders who figure out how to filter signal from that flood are the ones who will win. Full episode on Secure Ventures: podcasts.apple.com/us/podcas…
ProjectDiscovery retweeted
Replying to @pdiscoveryio
@pdiscoveryio paid me xxx$ to fix a hang in tlsx that was choking scans on 30k targets: handshakes with no timeouts, workers stuck on context.Background(), sequential cipher enum. Fix → 30k in 2m31s, zero hangs. Merged upstream, $xxx bounty #opensource #golang
ProjectDiscovery retweeted
First mobile CVE by @neo_ai_engineer — CVE-2026-48745 Traccar Client (100k installs): one deep link silently redirects GPS telemetry to an attacker. Neo found it using static analysis and dynamic validation via @Genymotion integration. github.com/traccar/traccar-c…
When we created Katana, I think we may have just created the best crawling/spidering framework for hackers. ✅ Standard / Headless modes for better coverage on modern apps ✅ Customizable Config ✅ Scope control ✅ Output Filters Check it out 👉 github.com/projectdiscovery/… #hackwithautomation #cybersecurity #crawler #opensource #bugbounty
Stop drowning in massive vulnerability backlogs filled with false positives. Neo integrates with tracking programs like Jira, Linear or Slack to ingest findings and triage them by thinking like a real attacker. projectdiscovery.io/request-… #Neo #AISecurityEngineer
AI is helping devs ship faster than ever, but only 38% of security teams say they're keeping up. Our CEO @ehrishiraj on the widening gap between engineering and security, and how to close it without slowing anyone down 👇 devopsdigest.com/ai-is-causi…