logo
|
Blog

    XINT.IO BLOG

    Insights from the world's best offensive security researchers
    See All Vulnerability ResearchAI for SecurityCompetitionsNewsProductOpen Source ProjectsFAQCase Study
    AI Wrapper vs. AI Native

    AI Wrapper vs. AI Native

    Everyone is claiming AI in AppSec, but there are meaningful differences in how AI is used, leading to fundamentally differences in exposure
    Hector Leano's avatar
    Jun 10, 2026
    Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

    Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

    In an engagement with a healthcare client, Xint uncovered an IDOR vulnerability allowing unauthorized access to patients' protected health information (PHI).
    Xint's avatar
    Jun 02, 2026
    Vulnerability ResearchAI for SecurityCase Study
    FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

    FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

    Non-deterministic LLM vuln discovery is actually a strength for Xint since it can go beyond fixed rules or patterns that are easily gamed by attackers.
    Hector Leano's avatar
    May 28, 2026
    ProductAI for SecurityFAQ
    AI won’t replace human pentesters and security teams. It will be a force multiplier

    AI won’t replace human pentesters and security teams. It will be a force multiplier

    LLMs are changing the role of security researchers and engineers, but companies laying off human cyber experts just as AI coding generates more vulnerable code are in for a world of hurt.
    Hector Leano's avatar
    May 26, 2026
    AI for Security
    Copy Fail: From Pod to Host.

    Copy Fail: From Pod to Host.

    A walkthrough of Copy Fail (CVE-2026-31431) as a container escape primitive: from a 4-byte page cache write to host root on Kubernetes.
    Juno Im's avatar
    May 19, 2026
    Vulnerability ResearchAI for SecurityOpen Source Projects
    AI Wrapper vs. AI Native

    AI Wrapper vs. AI Native

    Everyone is claiming AI in AppSec, but there are meaningful differences in how AI is used, leading to fundamentally differences in exposure
    Hector Leano's avatar
    Jun 10, 2026
    Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

    Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

    In an engagement with a healthcare client, Xint uncovered an IDOR vulnerability allowing unauthorized access to patients' protected health information (PHI).
    Xint's avatar
    Jun 02, 2026
    Vulnerability ResearchAI for SecurityCase Study
    FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

    FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

    Non-deterministic LLM vuln discovery is actually a strength for Xint since it can go beyond fixed rules or patterns that are easily gamed by attackers.
    Hector Leano's avatar
    May 28, 2026
    ProductAI for SecurityFAQ
    AI won’t replace human pentesters and security teams. It will be a force multiplier

    AI won’t replace human pentesters and security teams. It will be a force multiplier

    LLMs are changing the role of security researchers and engineers, but companies laying off human cyber experts just as AI coding generates more vulnerable code are in for a world of hurt.
    Hector Leano's avatar
    May 26, 2026
    AI for Security
    Copy Fail: From Pod to Host.

    Copy Fail: From Pod to Host.

    A walkthrough of Copy Fail (CVE-2026-31431) as a container escape primitive: from a 4-byte page cache write to host root on Kubernetes.
    Juno Im's avatar
    May 19, 2026
    Vulnerability ResearchAI for SecurityOpen Source Projects
    Xint’s False Positive Rate: Methodology and Purpose

    Xint’s False Positive Rate: Methodology and Purpose

    We don’t know the FP rate for the latest frontier models when it comes to AppSec. We share ours and how we arrived at it.
    Hector Leano's avatar
    May 18, 2026
    ProductAI for Security
    Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

    Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

    This is an overview of the two kernel-level vulnerabilities uncovered by Xint Code in MacOS, iOS and iPadOS which have been patched by Apple
    Hector Leano's avatar
    May 12, 2026
    Vulnerability ResearchAI for SecurityNews
    Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

    Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

    Zero data retention (ZDR) policies for LLMs in AppSec are not the default, but here's why they belong at the top of your AI procurement checklist.
    Hector Leano's avatar
    May 11, 2026
    Product
    What to Ask Every AI PenTest Vendor Before You Buy

    What to Ask Every AI PenTest Vendor Before You Buy

    These are the 8 questions that will tell you whether a vendor is selling a pen test alternative, a faster SAST tool, or a demo that doesn’t survive production
    Hector Leano's avatar
    May 06, 2026
    AI for SecurityProduct
    Vulnerabilities vs. Weaknesses: Why the Distinction Matters

    Vulnerabilities vs. Weaknesses: Why the Distinction Matters

    There's a difference between insecure code patterns and true vulnerabilities that hackers seek to exploit. Why does that matter?
    Hector Leano's avatar
    May 05, 2026
    Vulnerability ResearchAI for SecurityProduct
    Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

    Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

    The story behind CVE-2026-31789 demonstrates how DARPA and Xint are accelerating AI cyber defenses
    Hector Leano's avatar
    May 04, 2026
    CompetitionsNews Vulnerability ResearchOpen Source Projects
    Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

    Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

    Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.
    Juno Im's avatar
    Apr 29, 2026
    AI for Security Vulnerability ResearchOpen Source Projects
    System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

    System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

    What do buyers actually purchase when they pay for a vulnerability discovery platform, and why is the model the cheapest input in the bill?
    Apr 27, 2026
    Vulnerability ResearchAI for Security
    Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

    Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

    Press Release for April 21, 2026
    Hector Leano's avatar
    Apr 21, 2026
    News
    The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

    The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

    In this exclusive report, Xint researchers compare Mythos's publicly disclosed results versus what broadly available models can accomplish using advanced scaffolding
    Hector Leano's avatar
    Apr 16, 2026
    AI for Security Vulnerability Research
    AI Made Code Cheap. Trust Did Not.

    AI Made Code Cheap. Trust Did Not.

    While code is abundant, assurance is scarce. The winners won't be the teams that generate the most code, it’ll be the teams that can prove it's safe.
    Hector Leano's avatar
    Apr 13, 2026
    AI for Security
    Finding and Patching a CPython 0day in Hours: CVE-2026-6100

    Finding and Patching a CPython 0day in Hours: CVE-2026-6100

    A critical CPython CVE today took less than 45 minutes of human work to find, triage, and fix because of Xint Code
    Hector Leano's avatar
    Apr 13, 2026
    Vulnerability ResearchOpen Source Projects
    How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

    How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

    Linear increases in code are leading to exponential token burn increases. Xint's orchestration brings clear, predictable pricing.
    Hector Leano's avatar
    Apr 09, 2026
    AI for Security
    What are business logic vulnerabilities, and why are they so hard to catch?

    What are business logic vulnerabilities, and why are they so hard to catch?

    Even secure-looking code can hide dangerous flaws. Learn why business logic vulnerabilities are hard to detect and why most scanners miss them.
    Hector Leano's avatar
    Mar 05, 2026
    AI for Security
    Announcing Xint Code

    Announcing Xint Code

    Real Vulnerabilities. Actionable Results.
    Hector Leano's avatar
    Dec 15, 2025
    AI for SecurityProduct
    AI Cyber Challenge and Theori's RoboDuck

    AI Cyber Challenge and Theori's RoboDuck

    An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system
    Hector Leano's avatar
    Aug 08, 2025
    CompetitionsAI for Security
    Building Effective LLM Agents | AI Cyber Challenge

    Building Effective LLM Agents | AI Cyber Challenge

    How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)
    Hector Leano's avatar
    Aug 08, 2025
    AI for SecurityCompetitions