Xint
Products
Xint Platform Xint Pulse
Resources
Blog Public Bug Tracker
About Theori
Login
Web App Code App
Talk to an Expert
EN KR
Products
Xint Platform Xint Pulse
Resources
Blog Public Bug Tracker
About Theori
Login
Web App Code App
Talk to an Expert
Language
EN KR

Xint Blog

Insights from the world's best offensive security researchers
See All Vulnerability ResearchAI for SecurityCompetitionsNewsProductOpen Source ProjectsFAQCase Study
Announcing Xint Pulse - The Full Capabilities of Xint Served One Scan at a Time

Announcing Xint Pulse - The Full Capabilities of Xint Served One Scan at a Time

Xint Pulse offers one-time scans of web applications powered by the full award-winning capabilities of the Xint enterprise platform
Hector Leano's avatar
Jul 15, 2026
ProductNewsAI for Security
FedRAMP Just Retired the Flat Scan. The New Rules Ask for Proof of Exploitability.

FedRAMP Just Retired the Flat Scan. The New Rules Ask for Proof of Exploitability.

Findings are not enough: Vulnerability Detection & Response and Vulnerability Evaluation & Reporting are now required to obtain or maintain FedRAMP Certification
Jeffrey Martin's avatar
Jul 14, 2026
NewsAI for Security
How to Safely Implement Autonomous AI Agents for Pentesting Live Apps

How to Safely Implement Autonomous AI Agents for Pentesting Live Apps

Autonomous AI security tools can cause as much damage as they prevent if harnessed incorrectly. This is how Xint delivers best-in-class results without compromising security.
Xint's avatar
Jul 07, 2026
AI for SecurityFAQProduct
How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

For startups where speed is of the essence, when and how should security checks are performed can either be an accelerant or a bottleneck
Xint's avatar
Jun 24, 2026
NewsCase Study
Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Xint achieves the world's leading standard for information security management, evaluating an organization's security policies, risk management practices, access controls, and incident response procedures.
Hector Leano's avatar
Jun 23, 2026
ProductAI for SecurityNews
Announcing Xint Pulse - The Full Capabilities of Xint Served One Scan at a Time

Announcing Xint Pulse - The Full Capabilities of Xint Served One Scan at a Time

Xint Pulse offers one-time scans of web applications powered by the full award-winning capabilities of the Xint enterprise platform
Hector Leano's avatar
Jul 15, 2026
ProductNewsAI for Security
FedRAMP Just Retired the Flat Scan. The New Rules Ask for Proof of Exploitability.

FedRAMP Just Retired the Flat Scan. The New Rules Ask for Proof of Exploitability.

Findings are not enough: Vulnerability Detection & Response and Vulnerability Evaluation & Reporting are now required to obtain or maintain FedRAMP Certification
Jeffrey Martin's avatar
Jul 14, 2026
NewsAI for Security
How to Safely Implement Autonomous AI Agents for Pentesting Live Apps

How to Safely Implement Autonomous AI Agents for Pentesting Live Apps

Autonomous AI security tools can cause as much damage as they prevent if harnessed incorrectly. This is how Xint delivers best-in-class results without compromising security.
Xint's avatar
Jul 07, 2026
AI for SecurityFAQProduct
How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

How a FinTech Startup Accelerates Rapid Product Iteration Without Introducing Security Gaps With Xint

For startups where speed is of the essence, when and how should security checks are performed can either be an accelerant or a bottleneck
Xint's avatar
Jun 24, 2026
NewsCase Study
Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Xint Achieves Dual ISO Certifications, Accelerating Global Security Compliance Roadmap

Xint achieves the world's leading standard for information security management, evaluating an organization's security policies, risk management practices, access controls, and incident response procedures.
Hector Leano's avatar
Jun 23, 2026
ProductAI for SecurityNews
FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

What are the incremental benefits to each new (more expensive) model and when does it make sense to update?
Hector Leano's avatar
Jun 16, 2026
AI for SecurityProductFAQ
AI Wrapper vs. AI Native

AI Wrapper vs. AI Native

Everyone is claiming AI in AppSec, but there are meaningful differences in how AI is used, leading to fundamentally differences in exposure
Hector Leano's avatar
Jun 10, 2026
AI for SecurityFAQ
Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

In an engagement with a healthcare client, Xint uncovered an IDOR vulnerability allowing unauthorized access to patients' protected health information (PHI).
Xint's avatar
Jun 02, 2026
Vulnerability ResearchAI for SecurityCase Study
FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

Non-deterministic LLM vuln discovery is actually a strength for Xint since it can go beyond fixed rules or patterns that are easily gamed by attackers.
Hector Leano's avatar
May 28, 2026
ProductAI for SecurityFAQ
AI won’t replace human pentesters and security teams. It will be a force multiplier

AI won’t replace human pentesters and security teams. It will be a force multiplier

LLMs are changing the role of security researchers and engineers, but companies laying off human cyber experts just as AI coding generates more vulnerable code are in for a world of hurt.
Hector Leano's avatar
May 26, 2026
AI for SecurityFAQ
Copy Fail:
From Pod to Host.

Copy Fail: From Pod to Host.

A walkthrough of Copy Fail (CVE-2026-31431) as a container escape primitive: from a 4-byte page cache write to host root on Kubernetes.
Juno Im's avatar
May 19, 2026
Vulnerability ResearchAI for SecurityOpen Source Projects
Xint’s False Positive Rate: Methodology and Purpose

Xint’s False Positive Rate: Methodology and Purpose

We don’t know the FP rate for the latest frontier models when it comes to AppSec. We share ours and how we arrived at it.
Hector Leano's avatar
May 18, 2026
ProductAI for Security
Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

This is an overview of the two kernel-level vulnerabilities uncovered by Xint Code in MacOS, iOS and iPadOS which have been patched by Apple
Hector Leano's avatar
May 12, 2026
Vulnerability ResearchAI for SecurityNews
Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

Zero data retention (ZDR) policies for LLMs in AppSec are not the default, but here's why they belong at the top of your AI procurement checklist.
Hector Leano's avatar
May 11, 2026
Product
What to Ask Every AI PenTest Vendor Before You Buy

What to Ask Every AI PenTest Vendor Before You Buy

These are the 8 questions that will tell you whether a vendor is selling a pen test alternative, a faster SAST tool, or a demo that doesn’t survive production
Hector Leano's avatar
May 06, 2026
AI for SecurityProduct
Vulnerabilities vs. Weaknesses: Why the Distinction Matters

Vulnerabilities vs. Weaknesses: Why the Distinction Matters

There's a difference between insecure code patterns and true vulnerabilities that hackers seek to exploit. Why does that matter?
Jeffrey Martin's avatar
May 05, 2026
Vulnerability ResearchAI for SecurityProduct
Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

The story behind CVE-2026-31789 demonstrates how DARPA and Xint are accelerating AI cyber defenses
Hector Leano's avatar
May 04, 2026
CompetitionsNews Vulnerability ResearchOpen Source Projects
Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.
Juno Im's avatar
Apr 29, 2026
AI for Security Vulnerability ResearchOpen Source Projects
System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

What do buyers actually purchase when they pay for a vulnerability discovery platform, and why is the model the cheapest input in the bill?
Jeffrey Martin's avatar
Apr 27, 2026
Vulnerability ResearchAI for Security
Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

Press Release for April 21, 2026
Hector Leano's avatar
Apr 21, 2026
News
The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

In this exclusive report, Xint researchers compare Mythos's publicly disclosed results versus what broadly available models can accomplish using advanced scaffolding
Hector Leano's avatar
Apr 16, 2026
AI for Security Vulnerability Research
AI Made Code Cheap. Trust Did Not.

AI Made Code Cheap. Trust Did Not.

While code is abundant, assurance is scarce. The winners won't be the teams that generate the most code, it’ll be the teams that can prove it's safe.
Hector Leano's avatar
Apr 13, 2026
AI for Security
Finding and Patching a CPython 0day in Hours: CVE-2026-6100

Finding and Patching a CPython 0day in Hours: CVE-2026-6100

A critical CPython CVE today took less than 45 minutes of human work to find, triage, and fix because of Xint Code
Hector Leano's avatar
Apr 13, 2026
Vulnerability ResearchOpen Source Projects
How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

Linear increases in code are leading to exponential token burn increases. Xint's orchestration brings clear, predictable pricing.
Hector Leano's avatar
Apr 09, 2026
AI for Security
What are business logic vulnerabilities, and why are they so hard to catch?

What are business logic vulnerabilities, and why are they so hard to catch?

Even secure-looking code can hide dangerous flaws. Learn why business logic vulnerabilities are hard to detect and why most scanners miss them.
Hector Leano's avatar
Mar 05, 2026
AI for Security
Announcing Xint Code

Announcing Xint Code

Real Vulnerabilities. Actionable Results.
Hector Leano's avatar
Dec 15, 2025
AI for SecurityProduct
AI Cyber Challenge and Theori's RoboDuck

AI Cyber Challenge and Theori's RoboDuck

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system
Hector Leano's avatar
Aug 08, 2025
CompetitionsAI for Security
Building Effective LLM Agents | AI Cyber Challenge

Building Effective LLM Agents | AI Cyber Challenge

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)
Hector Leano's avatar
Aug 08, 2025
AI for SecurityCompetitions
Xint

AI-powered vulnerability discovery that proves exploitability in your live application.

XLinkedInBlueskyFediverse
Products
Xint PlatformXint Pulse
Company
AboutContact
Resources
BlogPublic Bug Tracker
Legal
Privacy PolicyTerms of UseTrust Center
© 2026 Theori. All Rights Reserved.