Applications for the HackerOne Brand Ambassador program are open! 🙌 We are looking for Brand Ambassadors from around the world to empower the next generation of security researchers. 💪 Some countries without ambassadors are Estonia, Sweden, France, Italy, and Indonesia.

We have been a little bit silent lately, but XBOW has been running at full steam. In 2025 we found 106 vulnerabilities in OSS projects, and we report 72 already.

A must watch!!! 🔥

🚨Con Presentations by Guided Hacking Members The Underground World of Anti-Cheats From Niemand at Black Hat Europe 2019 👉youtu.be/yJHyHU5UjTg 1/10

🚨📢 Call for Volunteers! 📢🚨 Bug Bounty Village @ DEF CON 33 is looking for in-person & remote volunteers to help make this year’s event epic! If you’re passionate about bug bounty & community, apply now! 🔗 bugbountydefcon.com/call-for-volun… #DEFCON #BugBounty #Volunteer

AI isn’t replacing bug bounty hunters anytime soon, but it’s getting surprisingly close. In this DEF CON talk, Joel Noguera & Diego Jurado (@xbow) show how they built agents that exploit real-world XSS, JWT, and CSRF bugs autonomously youtu.be/YDsHI2acEVA #BugBounty #DEFCON

Ever run an exploit in the wrong path? AI has too In this demo, Niemand & djurado show their agent (@xbow) debugging itself, fixing dependencies, tweaking payloads and eventually logging in as admin — autonomously. Full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON

This AI agent reads the JavaScript, understands the registration flow, creates a test user, and uses those creds to keep exploring the app Niemand, djurado, and @xbow are pushing what autonomous bug hunting can do. Full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON

This AI agent builds a full exploit chain on its own. Niemand, djurado show how it all works. Full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON

This AI agent from @XBOW detects it's in an admin context, parses the full DOM, locates the URL-encoded flag, and solves the challenge — fully autonomously. Niemand & djurado show how it works. Full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON

Niemand, djurado & @XBOW tested 5 pentesters vs their AI agent. Humans had 40 hrs. The AI cracked everything in 30 mins. It’s fast — but humans still lead on creativity + hard bugs. Watch the full talk → youtu.be/YDsHI2acEVA #BugBounty #DEFCON

😱

👑 They doubted my vision, now they witness our ascension. ⌛️ Coming Soon... 🚀 Guided Hacking's Anticheat Development Course

What a team! Congratulations to my friends djurado , Leandro Barragan and kcho

⚡ [20.98.103.245] Cross-Site Scripting (XSS) via /ssl-vpn/getconfig.esp at GlobalProtect VPN Portal 👨🏻‍💻 @xbow ➟ Informatica 🟥 High 💰 None 🔗 hackerone.com/reports/3096384 #bugbounty #bugbountytips #cybersecurity #infosec

Hacking with friends always pays off :) thank you HackerOne & Salesforce for such an amazing event! This time I teamed up with Kcho, djurado and Niemand to land a few crits that got us the eliminator award 😊

HackerOne celebrated top hackers at H16102 in Sydney. Congrats to the award winners. shubs , Lupin , shorlhax, doomerhunter , Niemand , djurado , kcho, none_of_the_above, Geluchat , Kévin GERVOT (Mizu) (Sorry if I didn't tag you! Couldn't find your Twitter)

One of the great privileges of XBOW is having the opportunity to work with talented individuals like djurado Niemand Alvaro Muñoz 🇺🇦 Nicolas Trippar Lean and Javi! x.com/xbow/status/19…

So happy to see XBOW performing as the top hacker in the US at HackerOne !! More than 1000 bugs have been submitted in just a few months 🔥

📈