AI Tool Surpasses White Hat Hackers in Vulnerability Detection

The AI tool Xbow, developed by the eponymous company, has topped the leaderboard of white hat hackers who have identified and reported the most software vulnerabilities in major companies.

HackerOne offers a platform where firms can test their software and offer rewards for bug discovery. There are open and closed programs, with the latter available by invitation. Xbow participates in both.

The tool has helped uncover flaws in the systems of Amazon, Disney, PayPal, and Sony Group Corporation.

HackerOne co-founder Michiel Prins highlighted that this is the first instance of an AI service leading the American reputation leaderboard, which measures the number of vulnerabilities found and their significance.

Xbow was founded in January 2024 by former Copilot head Auke de Moor. It raised $75 million in a new funding round led by Altimeter Capital, with participation from Sequoia Capital and NFDG.

Companies often hire individuals to test corporate networks for potential vulnerabilities. This process takes several weeks and costs an average of $18,000. De Moor intends to sell a product that allows for regular checks of this nature.

The HackerOne co-founder emphasized that vulnerability hunters have long automated part of their work, and in the past two years, AI has become a key tool in their activities. Nearly all human experts supplement their efforts with artificial intelligence, and some are attempting to create a tool similar to Xbow.

The issue is that unscrupulous hackers also use AI algorithms to automate attacks, increase their frequency, and reduce costs.

“For the first time, we can hope that defenders will be able to find and fix all vulnerabilities before a system fails,” de Moor emphasized.

The Xbow algorithm performs well in finding typical coding errors but struggles with understanding product design logic flaws.

In May 2025, Google integrated a new AI-based protection mechanism into its Chrome browser.