pwn.ai unveils vulnerability‑finding AI

pwn.ai announced an AI system designed to discover novel software vulnerabilities and zero‑day exploits, presenting it as an automated red‑team style capability. The company’s social post highlighted the product’s focus on finding previously unknown security flaws. (x.com)

Software flaws are the hidden mistakes that let attackers slip past locks, and pwn.ai says it has built an artificial intelligence system to find those mistakes automatically. (pwn.ai) The company’s website says the product is an “autonomous penetration testing” platform built by Octagon Networks, a security research firm that says it has published more than 50 Common Vulnerabilities and Exposures, or CVEs, since 2019. (pwn.ai, pwn.ai)

In plain terms, penetration testing is a paid break-in attempt: a company gives a target, the tester maps the attack surface, tries to chain bugs together, and proves what can actually be exploited. pwn.ai says its system crawls applications, tests authentication flows and injection points, and returns proof-of-concept exploit code instead of a list of unverified alerts. (pwn.ai)

That pitch lands as software security teams are drowning in volume. The Common Vulnerabilities and Exposures program says its catalog now contains more than 325,000 publicly disclosed vulnerabilities, and the United States Cybersecurity and Infrastructure Security Agency keeps a separate list for flaws already exploited in the wild. (cve.org, cisa.gov)

The company is selling speed as much as discovery. Its homepage says a manual engagement can take weeks and cost six figures, while its platform delivers findings “in hours” and lets customers rerun tests after fixes. (pwn.ai)

pwn.ai is also presenting the system as more than a scanner. Its site says the software does not stop at the Open Worldwide Application Security Project Top 10 list of common web bugs, but tries to chain lower-severity issues into higher-impact attack paths the way a human red team would. (pwn.ai)

The company has used its own research to back that claim. In a recent write-up, pwn.ai said its system spent nearly five days auditing ImageMagick, a widely used image-processing library, and found a chain of file-read, file-write and remote-code-execution issues starting from a single upload feature. (pwn.ai)

That approach sits inside a broader shift in offensive security. Trend Micro’s Zero Day Initiative added an artificial intelligence category to Pwn2Own Berlin 2025, where contestants won cash awards for exploits against artificial intelligence software. (securityweek.com, Zero Day Initiative)

The immediate question is whether customers and software vendors treat machine-found bugs like human-found bugs: as defects that need reproducing, patching and coordinated disclosure. pwn.ai’s product page says it reports only issues it can exploit, which is its argument that the machine is acting less like a scanner and more like a researcher. (pwn.ai)

Shared from Scout - Be the smartest in the room.