In this episode, we explore the revolutionary concept of autonomous penetration testing with a discussion into Cybersecurity startup XBOW’s recent breakthrough. XBOW claims to have topped HackerOne’s leaderboard using a fully autonomous AI agent, raising significant questions about the future of offensive security. Hosts discuss the potential of AI in pen testing, the implications for pen testers, bug bounty hunters, and security teams, and whether this represents a genuine advancement or just more AI hype.

Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more!

** Links mentioned on the show **

The road to Top 1: How XBOW did it

https://xbow.com/blog/top-1-how-xbow-did-it/

CVE-2025-49493: XML External Entity (XXE) Injection in Akamai CloudTest

https://xbow.com/blog/xbow-akamai-cloudtest-xxe/

** Watch this episode on YouTube **

https://youtu.be/VeOMYBSk3Dk

** Become a Shared Security Supporter **

Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever appeared first on Shared Security Podcast.