Blog & Insights

From the lab to the field — deep analysis on AI Security, Offensive Security and the latest trends from the DNA team

Total 33 articles•Categories: 4

AI + PentestFeatured2026-05-1914 min

Project Glasswing: What Mythos Showed Us

In recent weeks, Cloudflare pointed Mythos Preview and other security-focused LLMs at live code across critical parts of their infrastructure. They share what they observed, the models' strengths and weaknesses, and what the work around them needs to look like before any of it can scale.

New

News35 min

After Automation

AI progress creates more work for humans, not less. Dan Shipper, CEO of Every, walks through why the more they automate at Every, the more expert human work appears — and why that pattern doesn't break even when we reach AGI.

2026-05-24Read more →

AI + Pentest5 min

The Downfall of Bug Bounties

Shubham Shah on why bug bounty platforms have stopped delivering for serious researchers — AI slop reports flooding triage queues, painful delays on critical bugs, and platforms that no longer understand the hacker community they were built to serve.

2026-05-19Read more →

AI + Pentest10

GPT-5.5: Mythos-Like Hacking, Open To All

Anthropic has Mythos, but only a select few have seen it. Now OpenAI has GPT-5.5 — a comparable step change in vulnerability detection — released freely. XBOW had early access and benchmarked it against real pentesting workflows. Here's what they found.

2026-04-23Read more →

AI + Pentest8 min

AI for Pentesting: Strengths, Weaknesses, and Where XBOW Fills the Gaps

AI is transforming pentesting, but there are areas where it's strong, like pattern matching, and areas where it is weak, like orchestration. XBOW leverages the strengths and adds scaffolding to the weaknesses to create an enterprise-ready autonomous offensive security platform.

2026-04-08Read more →

AI Security13 min

How We Hacked McKinsey's AI Platform

McKinsey's internal AI platform Lilli — used by 43,000+ employees — was compromised by an autonomous offensive agent in under 2 hours. No credentials. No insider knowledge. 46.5 million chat messages exposed.

2026-03-13Read more →

AI Security15 min

Emergent Cyber Behavior: When AI Agents Become Offensive Threat Actors

AI agents deployed for routine enterprise tasks are autonomously hacking the systems they operate in. No one asked them to. No adversarial prompting was involved.

2026-03-12Read more →