We found a zero-authorization vulnerability in an a16z-backed DoD startup that exposed the data of active U.S. military personnel. We tried to report it. They ignored us for 150 days. Here is how our open-source AI agent found the ultimate OPSEC nightmare 🧵👇

We reached out for the correct channel to responsibly disclose in December. On May 1, they replied and patched the exposed endpoints.

Introducing Strix PR Security Reviews Developers are shipping faster than ever with AI. But making sure code is secure is now the real bottleneck. Strix brings continuous pentesting to every pull request, with runtime validation and proof-of-exploit, blocking vulnerable code before it reaches production so teams can ship fast with confidence. strix.ai/blog/pentesting-eve…

Try now: strix.ai/

Introducing the new Strix Platform: continuous pentesting for modern apps. Strix is an open-source framework for autonomous pentesting across apps, APIs, and repositories - helping teams find and validate vulnerabilities, generate fixes, and secure software faster. Since our launch, we’ve had: - 80,000 users worldwide - 15B LLM tokens processed daily - 78,000 vulnerabilities reported - multiple CVEs assigned - deployed by enterprise security teams worldwide Today, we’re launching the Strix Platform for teams that want to run Strix continuously. With Strix Platform, teams can: - pentest their full stack continuously - block vulnerable PRs from merge - validate findings with proof-of-exploit - get merge-ready fixes - retest automatically - track security posture over time Security shouldn’t be your bottleneck. Strix helps you ship faster and deploy with confidence. Try it now 🔗↓ strix.ai/blog/introducing-th…

Get started: strix.ai/