AI Agent Finds Security Flaw During Sales Demo

The use of AI for automated security auditing is a rapidly growing field, moving beyond theoretical applications to real-world vulnerability discovery. In 2025, Google's AI agent, "Big Sleep," identified a critical SQLite vulnerability (CVE-2025-6965) before it could be exploited, and Microsoft's Security Copilot has also been used to uncover significant bootloader flaws. These events highlight a shift towards predictive defense, where AI agents can proactively find zero-day vulnerabilities faster than human researchers. Esprit AI, the company behind the agent in the demo, specializes in autonomous penetration testing. Their agents are designed to continuously scan code, test infrastructure, and simulate attacks to find vulnerabilities from the OWASP Top 10 list, such as SQL Injection, XSS, and the IDOR flaw found in the demo. To reduce false positives, Esprit uses a multi-agent system where a second, specialized agent verifies a potential vulnerability before it gets reported. For engineers looking to build their own AI agents, several open-source frameworks have become the standard. LangGraph, with over 24,800 GitHub stars, is widely used for building stateful, controllable agents for enterprise applications. For developers focused on multi-agent collaboration, CrewAI offers a simpler, role-based approach, while the OpenAI Agents SDK is a lightweight option for creating workflows with built-in tracing and guardrails. The NYC AI startup scene is heavily focused on enterprise applications, attracting 22% of the city's $42.3B in venture funding in 2025. Investors like Lux Capital, Two Sigma Ventures, and Insight Partners are actively funding B2B AI, with recent local funding rounds including a $30M Series B for insurtech company Sixfold AI and a $75M Series C for Rogo, an AI platform for finance. The average AI seed round in NYC is between $2.5M and $4M, with investors expecting to see revenue within 12 months of funding. For those bootstrapping, the story of Tim Bonetto provides a tactical blueprint. A former locksmith, Bonetto taught himself to code using free online resources and built Pallyy, a social media management tool. By focusing on content marketing and SEO, he grew the platform's daily users from 500 to 10,000, eventually scaling the bootstrapped SaaS to $1.2 million in annual revenue with a three-person team. Vertical SaaS, which targets specific industry workflows, is a major opportunity for new founders as horizontal markets become saturated. This approach creates high customer retention due to deep integration into essential business processes. Sectors with significant potential in 2026 include healthcare operations (patient scheduling, compliance), logistics, and financial services, where specialized AI agents can automate niche-specific tasks.