"Across these steps, Xint's approach was to use information from each response to construct the next request — progressively mapping what was reachable and what data could be extracted. The result: a single doctor's account was sufficient to access the medical records and appointment recordings of every patient in the hospital. Audio recordings of private medical conversations carry an especially high risk if exposed."
Check out this technical deep dive of an IDOR business logic vulnerability reflecting Xint's ability to use context like a human pent tester
https://xint.io/blog/using-context-idor-vulnerability-healthcare

We are particularly proud of finding this bug because of the subtlety in how it expressed itself - the vulnerability emerged from the interaction of two parts of the codebase far apart from each other. As a result, humans and machines alike had previously scanned Redis and missed this high-sev bug until Xint came along.
https://www.zeroday.cloud/blog/redis-cve-2026-23479-deep-dive

Point a smart enough model at your code and it finds the vulnerabilities. If the model is capable and the price is low or free, the exercise is done - right?
Learn why the model is the cheapest input when using LLMs in the real world for offensive security
https://xint.io/blog/167832

Check out the full interview with Xint researchers on Google @wiz podcast. They cover:
🪲 How Xint's custom LLM harness uncovered CopyFail, a privilege escalation bug affecting almost every Linux machine since 2017.
⏱️ The harsh reality of vulnerability disclosure in the AI era—why 90 days is too long when models can weaponize patches instantly.
🤖 The evolution of AI agents in security, from the DARPA AI Cyber Challenge to Claude 3.5 Sonnet and Mythos.
💣 Why false positives are actually just undocumented zero-days.
https://youtu.be/ZX1Ot50kYcU?si=C6R_gkGtXoQqaO4j

If LLM results are non-deterministic, how can you rely on them for AppSec? With the right scaffolding, this is actually a strength of AI AppSec over traditional SAST and DAST.
https://xint.io/blog/ai-application-security-testing-reliability

The first question we get when talking with CISOs is if Xint/AI replaces human cyber experts because LLMs are so good at bug discovery.
Short answer: no
Long answer: still no...and in fact human expertise is more important with the intersection of AI generating more insecure code faster than humans can review and AI-enabled attackers finding and exploiting vulns faster than teams can patch - but these human offensive security experts need the right AI platform
https://xint.io/blog/ai-cybersecurity-role-changes

Our co-founders spoke with Risky Business podcast about what we learned as a result of the disclosure for copy fail and what it says about the reality of established disclosure processes when AI-armed attackers can backwards engineer an exploit in hours with just a CVE and a patch
https://risky.biz/RBFEATURES22/

The @Verizon 2026 DBIR is out and it backs up a lot of what we've been saying:
-> More breaches are kicking off with vulnerability exploitation
-> AI tools are being used to automate the stages of an attack
-> Orgs are patching fewer vulnerabilities and taking longer to do so.
https://www.databreachtoday.co.uk/verizon-breach-report-vulnerability-exploitation-surges-a-31719

As a follow up to our copy fail research, here is our post sharing our PoC for container escape of this bug, which is part of why it was so unique
https://xint.io/blog/copy-fail-pod-to-host

AI gets a lot of big headlines but lacks in transparency. As practical offensive security researchers we want to know not just if a SOTA model found a bug, but also what was the bycatch and what did it take for human beings to validate the findings because, after all, the goal is to find as many vulns that hackers would target while minimizing the strain on product security teams. For the sake of transparency we share both our false positive rate (<25%) as well as how we arrive at this number.
https://xint.io/blog/xints-false-positive-rate