From assessment to SOC 2 submission in 5 days
→ Day 1: Start
→ Day 2: Report
→ Day 3: Fix
→ Day 5: Submit to evidence workflow
See how @BloompathAI found it, fixed it, proved it, in less than a week.
📰 xbow.com/blog/customer-bloom…
🚀 xbow.com/pentest
Nico reflects on our journey, from HackerOne to the NYSE floor, and what comes next for democratizing offensive testing.
📰 Read the recap → xbow.com/blog/democratizing-…
Seeing our logo on the NYSE floor as the Early Growth Stage Winner on the #Cyber60 is a proud milestone, and a glimpse of where cybersecurity is headed.
“The rapid advances of AI and the ceaseless scheming of hackers make cyber startups one of the most dynamic and innovative sectors in tech.” @FortuneMagazine
Thank you to our customers, team, and investors @sequoia and @altimetercap for being part of this journey.
🔗 Read → fortune.com/2025/10/30/ai-st…
Security is one of the most important areas in AI, as @altcap said at GTC! @Xbow is leading the charge on startups that are innovating in Cyber!
Great shoutout for @oegerikus and team by @George_Kurtz
If you’re in DC for @owasp Global AppSec, join us for Apps(ec) & Aperitifs: dinner, drinks, swag, and sharp security conversations.
Register to attend; spots and swag are limited.
📍RSVP here xbow.com/dcreception2025 #OWASP #AppSec #Cybersecurity
Security tools catch issues. But do they matter?
Join @GeekMasher + @pwntester with @GitHub tomorrow as they show how AI agents:
→ Exploit like experts
→ Ship findings in minutes
→ Validate vulns scanners miss
🗓️Live @ 11:15am PT | 2:15pm ET aka.ms/GHAS/1022/x
SAST and DAST operate in silos.
Attackers don’t.
XBOW agents combine both:
→ Static tells them where to look
→ Dynamic shows how to break it
→ Coordination = real exploits, not noise
Autonomous testing needs attacker logic, not just coverage.
⚡️Deep dive here: xbow.com/blog/tales-from-the…
🚨 Critical SQL injection in Chef Automate (CVE-2025-8868)
If you're running Chef Automate for infrastructure automation, patch immediately to version 4.13.295 or later.
Full technical breakdown: xbow.com/blog/cooking-an-sql…
What XBOW found 🧵
How XBOW found it:
XBOW's autonomous testing identified a SQL injection through the type field in the filters array, exploited with PostgreSQL's string concatenation operator (||).
The application uses the pq driver, and the database error messages it returned revealed the injection point.
The vulnerability allows authenticated attackers to execute arbitrary SQL against the PostgreSQL database through the compliance profiles search endpoint at /api/v0/compliance/profiles/search.
Potential impact: unauthorized access to the data held in that database.
What makes this interesting from a testing perspective:
XBOW also discovered a default authentication token (93a49a4f2482c64126f7b6015e6b0f30284287ee4054ff8807fb63d9cbd1c506) that provided access to previously protected endpoints.
This token exists in some GitHub repos but isn't widely known. Since the injection requires an authenticated request, a default token that reaches protected endpoints is directly relevant to how exploitable the bug is in practice.
This is autonomous security testing in practice: finding and responsibly disclosing critical vulnerabilities before they're exploited at scale.
The discovery path: found during testing on a HackerOne program, then realized it affected the upstream open-source Chef Automate project.
We immediately disclosed to Progress (Chef's parent company), who responded quickly with a fix.
Action required now: upgrade to Chef Automate 4.13.295 or later immediately.
CVE: cve.org/CVERecord?id=CVE-202…
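The injection described in this thread comes down to how the type value from the filters array reaches the SQL text. The Go program below is an added example written for this page; it is not Chef Automate's code and does not reproduce the real query. It assumes a request body of the shape {"filters":[{"type":"...","values":["..."]}]}, a hypothetical profiles table with filter_type and filter_value columns, and a hypothetical allowlist of filter names. It shows the vulnerable builder (string splicing, where a type of name' || (SELECT current_user) || ' rides PostgreSQL's || operator into the predicate), and the hardened builder (allowlisted type plus $n bind parameters, which is what database/sql with lib/pq sends out of band).

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Filter and SearchRequest model the assumed shape of the search request
// body: {"filters":[{"type":"...","values":["..."]}]}. The field names are
// an assumption for this example, not taken from the Chef Automate source.
type Filter struct {
	Type   string   `json:"type"`
	Values []string `json:"values"`
}

type SearchRequest struct {
	Filters []Filter `json:"filters"`
}

// allowedFilterTypes is the (hypothetical) set of filter names the endpoint
// accepts. Anything else is rejected before it gets near the SQL text.
var allowedFilterTypes = map[string]bool{"name": true, "version": true, "platform": true}

// ParseSearch decodes a request body into a SearchRequest.
func ParseSearch(body string) (SearchRequest, error) {
	var req SearchRequest
	err := json.Unmarshal([]byte(body), &req)
	return req, err
}

// VulnerableQuery is the anti-pattern: untrusted type and values are spliced
// into the statement with Sprintf. A type such as
//   name' || (SELECT current_user) || '
// closes the string literal and uses PostgreSQL's || operator to append an
// attacker-chosen expression, while a malformed payload makes lib/pq return
// a "pq: syntax error at or near ..." message that exposes the injection point.
func VulnerableQuery(req SearchRequest) string {
	var where []string
	for _, f := range req.Filters {
		where = append(where, fmt.Sprintf("(filter_type = '%s' AND filter_value IN ('%s'))",
			f.Type, strings.Join(f.Values, "','")))
	}
	return "SELECT id, name FROM profiles WHERE " + strings.Join(where, " AND ")
}

// SafeQuery checks the filter type against the allowlist and binds every
// value as a $n placeholder, so database/sql + lib/pq ship the values to
// PostgreSQL separately from the statement text and no value can change the
// query's structure. It returns the statement and args for db.Query.
func SafeQuery(req SearchRequest) (string, []interface{}, error) {
	var where []string
	var args []interface{}
	for _, f := range req.Filters {
		if !allowedFilterTypes[f.Type] {
			return "", nil, fmt.Errorf("unsupported filter type %q", f.Type)
		}
		if len(f.Values) == 0 {
			return "", nil, fmt.Errorf("filter %q has no values", f.Type)
		}
		args = append(args, f.Type)
		typePH := fmt.Sprintf("$%d", len(args))
		valuePH := make([]string, len(f.Values))
		for i, v := range f.Values {
			args = append(args, v)
			valuePH[i] = fmt.Sprintf("$%d", len(args))
		}
		where = append(where, fmt.Sprintf("(filter_type = %s AND filter_value IN (%s))",
			typePH, strings.Join(valuePH, ", ")))
	}
	query := "SELECT id, name FROM profiles"
	if len(where) > 0 {
		query += " WHERE " + strings.Join(where, " AND ")
	}
	return query, args, nil
}

// Constructed sample bodies for this example: a benign search and the
// concatenation-operator payload in the type field.
const BenignBody = `{"filters":[{"type":"name","values":["linux-baseline","ssh-baseline"]}]}`
const InjectedBody = `{"filters":[{"type":"name' || (SELECT current_user) || '","values":["x"]}]}`

func main() {
	for _, body := range []string{BenignBody, InjectedBody} {
		req, err := ParseSearch(body)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Println("vulnerable:", VulnerableQuery(req))
		q, args, err := SafeQuery(req)
		fmt.Println("safe:", q, args, err)
	}
}
```

The allowlist is not redundant with the bind parameters: a filter name that later selects a column or table cannot be bound as a parameter, so validating it against a fixed set is the control that survives schema changes. The bind parameters handle the values, which is where the pq driver keeps data and SQL text apart.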
Live in 1 hour.
200+ zero-days.
0 false positives.
Real apps.
@moyix & @pwntester walk through how XBOW agents validate exploits at scale.
📍Join here: xbow.zoom.us/webinar/registe…
AI attacks are scaling. Defenders aren’t.
We're entering the Chaos Phase, where autonomous exploit tools move faster than manual security ever could.
With AI, defenders will win. But those that are slow to adopt AI will lose.