Systems that decide what to do next > traditional tools
That’s the advantage of agentic AI: discovery, prioritization, and broader coverage.
Our Head of AI, Albert Ziegler, discusses how systems don’t just run tests; they choose what to test next in Cyber Security Tribe: https://bit.ly/4lZzo0y
AI found critical vulnerabilities in Microsoft software, autonomously.
XBOW identified 3 critical RCEs, including one of the most severe issues in March’s Patch Tuesday and two in Bing with potential SYSTEM-level impact.
No source code. Real environments. Real CVEs.
https://bit.ly/4bNBgWT
XBOW has been named to the 2026 Cyber 150 by IT-Harvest.
This recognition reflects the momentum behind a new approach to offensive security—continuous, autonomous, and built to surface real risk earlier.
See the full list: https://bit.ly/4m6ZNtJ
The 2026 #ET30 from Wing Venture Capital and Newcomer highlights what’s next. XBOW is part of it.
Recognition like this signals a shift. Offensive security is becoming a core layer of the AI-era enterprise.
See the full list: https://bit.ly/3OeNNtr
Today, XBOW is available with EU Data Residency.
Same XBOW. Same depth of testing.
Now with all security assessment data staying in the EU.
EU Data Residency is available in Private Preview for Enterprise customers.
If this is something you're thinking about, start here: https://bit.ly/3NZ8ZU2
AuthN/AuthZ bugs are notoriously hard for automated tools to find.
Brendan Dolan-Gavitt and Vincent Olesen show how AI agents and validators confirm real exploit paths from auth bypass to privilege escalation.
See the full demo from [un]prompted 2026: https://bit.ly/3NORQwg
That’s a wrap on #RSAC!
We came, we saw, we showed the power of continuous exploit-validated testing and what it unlocks for modern security operations. 🏹
Thanks to everyone who stopped by our booth, tuned into our fireside chat, and booked a meeting this week. 🙌
Thanks to everyone who joined our fireside chat on “The Chaos Phase" at RSAC!
AI isn’t just changing the threat landscape; it’s accelerating it. Attacks are continuous, autonomous, & outpacing defenses.
Great insights from our speakers on what this shift means and how security leaders can respond.
How do you secure systems with AI when it’s also widening the attack surface?
Unconstrained agents = new risk vectors
Guardrailed agents = continuous, scalable defense
XBOW applies motive, method, and opportunity to safely test systems with AI.
Albert Ziegler on the model ➡️ https://bit.ly/4lPXFGz
The future is zero days away. Find us at #RSAC to learn how autonomous offensive security can help you prepare.
🔍 See XBOW in action
💡Gain expert insights
👕 Pick up swag
🎁 Win giveaways
Stop by Booth #1843 for day three of RSAC!
XBOW is now valued at $1B+ following a $120M round led by DFJ Growth and NorthZone VC.
Security can’t stay reactive when attacks are becoming autonomous.
Our CEO discusses how this is just the beginning in @bloomberg.com: https://bloom.bg/4bvMTSf
XBOW is redefining pentesting.
AI is accelerating threats; we’re using it to strengthen the offense behind your defense.
Built with AI. Trained by hackers. Backed by humans.
Watch our CISO, Nico Waisman, on theCUBE:
https://bit.ly/3PldbOy
At RSAC? Meet us at Booth #1843.
Have you locked in your spot at our fireside chat yet? https://xbow.com/rsa-ciso-lunch-2026
TOMORROW at #RSAC, our CISO, Nico Waisman, joins Jason Haddix, CEO of Arcanum Information Security, and OpenAI’s Dave Aitel to dig into the “Chaos Phase”.
📅 3/25
🕧 12pm – 2pm PST
🏢 Modi
🏁 #RSAC 2026 starts now.
If you’re on the show floor, kick things off with XBOW!
Join us at Booth #1843 and let our team show you the next revolution in cybersecurity: AI-powered continuous offense.
At RSAC, XBOW + Microsoft are showing continuous offensive security in practice, running directly inside Security Copilot and integrated into Sentinel.
As Kevin Magee (Microsoft for Startups) put it: "What XBOW is demonstrating…represents a different approach."
Read more ↓
https://bit.ly/4dEtZdf
XBOW + @microsoft.com: continuous pentesting, now inside Microsoft Security.
🚀 Launch tests from Security Copilot
🔍 Validated findings → Sentinel
📐 Attack paths mapped to live telemetry
No more periodic tests or report lag.
test → validate → detect → remediate → retest
🔗 https://bit.ly/4c0ZXiA
Attackers don’t sleep anymore. AI made sure of that.
In ISMG, our CEO outlines the constraint: AI scales offense, so security must be continuous & autonomous to keep up.
Our $120M Series C is about scaling this model at the exact moment the industry needs it most.
Read on: https://bit.ly/477DRZa
Hackers already use AI. So do we.
“Agentic AI systems amplify what humans can do.”
XBOW fights hackers with AI built by elite security experts, scaling cyber defense in speed and impact at a crucial time.
Our Founder & CEO discusses how XBOW’s Series C funding enables this: https://bit.ly/4bAlf5u
Most of the XBOW founders, at our first offsite in 2024.
Almost all of the XBOW team, at our most recent offsite in 2026.
XBOW joined the unicorn club today!
When we founded this, we had no idea whether using AI for pentesting was even possible. Back then, it honestly wasn't! So hearing a customer gasp and say "it's acting like a nation-state attacker" has made 2 years of work feel worth it.
xbow.com/news/xbow-ra...
Technology proven ✅ Market fit proven ✅
Now we scale 🏹
We’ve raised a $120M Series C, valuing XBOW at $1B+.
As AI speeds up attackers, defenders need the same edge.
We’re bringing autonomous offensive security to the industry at the moment it matters most.
Read more: https://bit.ly/4lA033O
Meet the XBOW team at #RSAC2026.
Book time at our booth to see how autonomous penetration testing eliminates noise and measures real risk: https://bit.ly/4183yoQ
Get to know our team 👇
The International AI Safety Report 2026 concludes that fully autonomous attacks aren’t here yet…the experiences of teams deploying real-world autonomous offense tell a different story.
Explore the gap between assumption and operational reality in our latest blog: https://bit.ly/4sjKrnN
At RSAC, our CISO, Nico Waisman, will sit down with Jason Haddix, CEO of Arcanum Information Security, and OpenAI’s Dave Aitel to dive into the “Chaos Phase” - what it is and how security leaders should respond.
Join the discussion: https://bit.ly/402mXXQ
📅 3/25
🕧 12pm – 2pm PST
🏢 Modi
In a historic first for Microsoft, XBOW, an autonomous pentesting system, discovered and reported a critical unauthenticated remote code execution vulnerability in the Microsoft Devices Pricing Program (CVE-2026-21536). https://bit.ly/4s2u8vq
Is LLM-based code review enough?
Although it’s an important security tool, it’s just one part of a full program.
Why? Because there’s a mismatch between how LLMs reason and how vulns actually exist in the real world.
We explore this topic and more on our blog. Dive in: https://bit.ly/4qZxqPi
Pentesting doesn’t start with hacking. It starts with a scoping call.
Now XBOW takes one too. Feed it API specs, priorities, attack strategies—the same context you’d give a human pentester. It runs autonomously from there.
Public Preview for Assessment Guidance is now live: https://bit.ly/47DIrOM
The XBOW autonomous offensive security platform tests the security of running applications.
So does DAST.
What's the difference?
XBOW was built from the ground up for a world where developers and cyberattackers are fueled by AI.
Explore the full side-by-side breakdown: https://bit.ly/3OTPdJS
XBOW has been named to the 2026 Cyber 150! 🎉
With AI Security leading the number of vendors recognized this year, this year’s list highlights AI’s growing role in building cyber resilience.
Proud to be among the fastest-growing mid-size cybersecurity companies worldwide. Full list: bit.ly/4s9XMir
In honor of #IWD2026 yesterday, we’re taking a moment to celebrate the women across our teams and communities whose work drives meaningful change every day.
To celebrate, our arbalists 🏹 are reflecting on the power of uplifting others, leading with generosity, and championing diverse perspectives.
DAST vs. XBOW AI pentesting.
Both test running applications, but they diverge in how they think, adapt, and validate vulnerabilities.
We break down the methodology and benchmark data behind each approach.
Read the full comparison in our latest blog: https://bit.ly/3OTPdJS
