We've been heads-down building Neo for over a year. What started as a single agent can now run autonomously for tens of hours, verifying its own work as it goes. Here's how @neo_ai_engineer evolved:
Today we're launching https://t.co/oMdUm1axA5
It gives any AI agent ready-to-use security context for thousands of open source projects, built from each project's commit history of security fixes and its disclosed CVEs.
Useful whether your agent is writing code or reviewing it for bugs. Free, no auth, over MCP and API.
We've been heads-down building Neo for over a year. What started as a single agent can now run autonomously for tens of hours, verifying its own work as it goes. Here's how @neo_ai_engineer evolved:
@neo_ai_engineer has 60+ solves on levelupctf so far across a mix of categories, and still going.
If you're building an agent or a homegrown Claude setup, throw it at these. You'll learn a lot about where it breaks.
https://t.co/Pj1VhG1Jau
When we set out to build @neo_ai_engineer, we wanted it to support all kinds of security workflows, including malware and binary analysis.
So we put it up against the challenges at https://t.co/zfOTTJQtyQ
It solved each of them. No manual intervention.
We built three full-stack apps using Claude Code, Codex, and Cursor - a healthcare portal, a banking platform, and an insurance claims system. The prompts were casual, exactly how people actually vibe code. No mention of security, nothing intentionally broken.
Then we threw four security scanners at them Neo, Claude, Invicti and Snyk and manually verified every single finding.
The results genuinely surprised us. 70 exploitable vulnerabilities across three apps. Unlimited money creation in the banking app. Any user could create admin accounts in the insurance platform. Patient records accessible to anyone in the healthcare portal. All Critical and High severity. All shipped out of the box.
But what really got me was the scanner gap. Neo found 62 of 70 vulnerabilities with only 5 false positives. Snyk found literally zero valid issues. The difference between these tools isn't incremental it's the difference between finding the bugs that matter and walking away with a false sense of security.
Full blog with the stats is live. The detailed research paper with exact prompts, methodology, all the findings, and the apps themselves is coming soon.
Neo (@neo_ai_engineer) can now VPN into internal networks and run security assessments 🔓
Supports 8 providers. Secrets encrypted. Zero credential leakage.
Point it at your internal network, let it find vulns you'd miss manually.
See it in action: https://t.co/Nlhdqjd7VO
For some time I have been working on Neo, an AI security engineer by ProjectDiscovery with access to custom sandbox environments, browsers, and ProjectDiscovery open-source tools.
Neo can orchestrate agent swarms with specialized pre-built agents and custom agents built by users, and take on any task in the background asynchronously or with completely user-controlled workflows. It can research the web, set up your codebases on sandbox, test vulnerabilities for hours, or help you understand code to find vulnerabilities alongside you.
Neo creates its own memory while working on tasks, and users can create custom knowledge bases for code repos, blogs, or any other data.
All of this is accessible to Neo using subagents, and allows it to run for hours without anyone supervising it. We provide terminal access to the sandbox, so you can have full control over the sandbox environment tooling, or you can just ask Neo to set up any service or application by running Docker containers on the sandbox or just by giving Neo credentials to access APIs.
It has a persistent filesystem, where all tools you install or files you create are preserved, so you can come back and start things where you left off.
There is so much more you can do with Neo. We are very excited to see how everyone uses it.
Check out Neo finding a vulnerability in a real-world application: links below
📢 Introducing Neo: a cloud-based AI security engineer for real-world security work. A framework for automated security workflows inside your environment, Neo owns workflows like vuln triage, feature reviews, pentesting, and continuous compliance. It learns your stack, remembers context, and runs tasks in parallel in isolated sandboxes.
Read the launch blog: https://t.co/pN1AIXNZlB
Vulnerability management is broken. Legacy scanners like Qualys & Tenable were built 20 years ago and it shows. ProjectDiscovery’s cloud platform, powered by Nuclei, delivers fast, accurate, and exploitable-focused results. Open source powered. Enterprise ready.
#AppSec #CyberSecurity #VulnerabilityManagement #ProjectDiscovery #Nuclei
Today, we’re celebrating a huge milestone at ProjectDiscovery - our community has helped us reach 100,000 GitHub stars across our OSS projects! 🎉
To every contributor, user, and supporter - thank you. Your engagement, PRs, issues, and ideas push us forward every day. We’re just getting started, and we can’t wait to keep building the best security tools with you, for you.
Here’s to the next 100K! ❤️
Day 4 of launch week!
Introducing Nuclei -ai flag. We’re making custom vulnerability detection easy for everyone. No YAML skills required.
Here's what's new in v1 👇
(1/7)
Legacy vulnerability management tools weren’t built for today’s internet. We’re changing that.
Next week, we’re launching ProjectDiscovery v1 — a faster, more scalable, and more actionable approach to security.
Stay tuned. 👇
projectdiscovery.io is wild. Enter your domain, get the externally detectable internet footprint (hosts / IPs / ports…). Likely to uncover attack surface you were unaware of
A rare security tool that's not snake oil and immediately brings value to your operations 🫠