
Posts by Brendan Dolan-Gavitt

Mythos

3 days ago 126 12 5 0
Vulnerability Research Is Cooked

I wrote something: sockpuppet.org/blog/2026/03...

1 week ago 93 40 7 7

if you are in a position to act to harden society’s software infrastructure, you too should be very concerned about this and planning what actions you will take over the coming months

2 weeks ago 40 7 2 0

Very kind! :) I feel a bit guilty for not being able to maintain it properly, but I ended up backing a losing horse (NVIDIA’s Triton inference engine, which they have now fully deprecated) and the cost of switching to something else was too high

2 months ago 1 0 1 0

Episode 23: War Stories with Brendan Dolan-Gavitt (XBOW)!

@tib3rius.bsky.social & @swiftsecur.bsky.social are joined by @moyix.net who shares some AI and human war stories with us!

Links below!

5 months ago 5 5 1 0
Black Hat

"AI Agents for Offsec with Zero False Positives" by @moyix.net

The title threw me off originally, but it's not wrong! IMHO it's the archetypal pattern of good LLM usage: they suck at *verifying* but in some domains are quite freakishly good at *proposing.*

7 months ago 6 1 0 0

I had an amazing time at NYU and am particularly grateful to have had the opportunity to meet and advise so many incredible students. But right now is a unique moment in the history of computer science and I believe it’s one that, for me, is best pursued outside of academia.

8 months ago 5 0 2 0

So, I’m not sure there is any good time to announce this, but as of August 31st I will be leaving NYU for good, to seek my fortune in industry with XBOW!

8 months ago 18 0 5 0

False positives waste your time.
False negatives cost you breaches.

At @BlackHatEvents, @moyix shows how XBOW agents fight false positives — validating real exploits at scale, in hours.

📍Aug 7 | 11:20am

8 months ago 3 3 0 0

I think this is the coolest of the vulns / exploits it came up with on our climb to #1 on HackerOne, but I am open to the possibility that it will find something even cooler tomorrow :)

8 months ago 1 0 0 0

Such a cool exploit needs commensurately cool bling, so Alvaro (who wrote up the excellent post on this vuln) created this lovely little TUI so you can watch as it exfiltrates files from your server byte by byte

8 months ago 3 0 1 0

So how do you precisely read a byte? Easy: you ask for the pixel histogram of a raw image consisting of byte [i...i+1] of the file. And you get back something like

histogram: [0, 0, 1, 0, 0], [59.8, 59.9, 60.0, 60.1, 60.2]

Telling you that the byte is ASCII 60 ('<')

8 months ago 0 0 1 0

The second trick is also quite lovely. It had found that it could read arbitrary files, but how to return the data? The secret was in a /statistics endpoint that, among other things, could provide a histogram of the pixel values.

8 months ago 0 0 1 0

To decode it, XBOW had to realize that the file contents had been encoded using an encoding that stores pixels as deltas from the previous pixel. So cool!

8 months ago 0 0 1 0

There are not one, but two different super-cool exfil tricks in this post. The first gets the app to exfiltrate the content of an arbitrary URL by encoding its bytes as raw pixels, giving the image we saw earlier.

8 months ago 0 0 1 0
XBOW – Another Byte Bites the Dust - How XBOW Turned a Blind SSRF into a File Reading Oracle
A complete arbitrary local file read vulnerability achieved through an ingenious byte-by-byte exfiltration technique.

The trick to how it did it is in this post: xbow.com/blog/xbow-ti... Some details below...

8 months ago 8 3 1 0
A screenshot of OSX preview, showing an image "output.png" with a file encoded as greyscale pixel data. The image is a long, thin strip going from left to right with various greyscale pixels.


Can you read the exfiltrated file encoded in this image? @xbow.com figured out how to :D

8 months ago 5 1 1 1

Thanks! Should be fixed

8 months ago 1 0 0 0

This one and the sequel (coming out next week) are among my favorite bugs we found. It turns out GIS does NOT stand for “Good Information Security”

8 months ago 4 0 1 0

Any grad student could tell you that's not true. You can get free lunch by just showing up to the start of the seminar, grabbing a slice of pizza, and getting away while the speaker is trying to get their laptop connected to AV

8 months ago 1 0 0 0

All credit here to Albert Ziegler, who came up with the idea and wrote a beautifully clear post about it :D I think this blog is also the most info we've released about how our agent actually works!

8 months ago 2 0 0 0
XBOW – Agents Built From Alloys
A simple, powerful innovation boosts performance in agentic AI systems.

Given two models with unique strengths, can we combine them to get the benefits of both w/o extra model calls? It turns out yes: just flip a coin at each turn to decide which model to query! This gave a jump from 25% to 55% on our benchmarks! xbow.com/blog/alloy-a...

8 months ago 7 1 2 1
XBOW – XBOW battles Ninja Tables: Who’s the Real Ninja?
Sharing the story of how XBOW sniffed out a sneaky arbitrary file read bug in the popular WordPress Ninja Tables plugin.

Loved this 0day @xbow.com found in a popular WordPress plugin, and IMO it shows the value added by the LLM - a scanner can't find this automatically without realizing there's a nonce you need to extract & include in the request. You need that extra bit of context: xbow.com/blog/xbow-ni...

8 months ago 3 0 0 0

So... anyone else going to SummerCon today or tomorrow? I should be stopping by both days, for the first time in many years!

9 months ago 2 0 0 0

Easy:
0: not interesting or true
1: interesting
2: true
3: interesting and true

9 months ago 2 0 2 0

Yeah! Thinking back to even 18 months ago, it's kind of crazy to me that LLM agents actually kinda work?

9 months ago 2 0 1 0

A lovely little XXE that XBOW found in Akamai Cloudtest leading to arbitrary file read! I like the error-based exfil technique: "yes please access the file named <contents of /etc/passwd> for me thx"

9 months ago 6 0 1 0
AI Agents Are Getting Better at Writing Code—and Hacking It as Well

One of the best bug-hunters in the world is an AI tool called Xbow, just one of many signs of the coming age of cybersecurity automation.

9 months ago 67 9 1 0

This is the first of a series of posts we're doing on some of the vulns found as part of the HackerOne work – we have lots more fun ones coming up about some great SSRF, SQLi, and RCE vulns it discovered, with very clever exploit techniques :)

9 months ago 8 3 0 0

It has been great fun building this and watching it deliver a steady stream of real vulnerabilities in live sites! If you're curious how we did it, @nicowaisman.bsky.social has a new post: xbow.com/blog/top-1-h...

9 months ago 10 2 0 1