Hey everyone! |
On the flip side of last week's issue about how AI exposes a significant attack surface, this week we're exploring the inflection point in offensive security tooling. Over the past few weeks, I've been watching new releases drop that genuinely change how we approach testing. Not incremental improvements, not "AI-powered" marketing fluff, but actual useful tools. |
Let me break down what I'm seeing. |
|
/ The Autonomous Testing Era is Here |
XBOW just published a blog post titled: Tales from the Trace: How XBOW reasons its way into finding IDORs. |
This blog breaks down how the system is reasoning through authorization testing the same way a human would. It chains reconnaissance, parameter analysis, and access control verification to find IDORs that traditional scanners completely miss. The post walks through real CVEs (CVE-2026-22589, CVE-2026-22588) with traces showing exactly how the AI connected the dots. If you're curious, they're doing a live webinar on Feb 12 walking through the methodology. Worth your time. |
/ Praetorian's 12 Caesars Campaign |
Speaking of AI security tooling, Praetorian just kicked off something ambitious: an open source campaign releasing 12 AI security tools over 12 weeks. |
Julius is a fingerprinting tool for LLM models and DevOps platforms. Shadow AI is everywhere now. Developers spin up ChatGPT wrappers, Claude integrations, and custom model deployments without telling security. Julius does HTTP-based fingerprinting to identify what you're dealing with before you start testing. |
Augustus is an LLM vulnerability scanner with 210+ adversarial attacks baked in. Prompt injection, jailbreaks, encoding exploits, and data extraction. Ships as a single Go binary, connects to 28 providers out of the box. |
|
(Sponsor) | New AI report of 1,800+ security leaders and practitioners |  | New AI report of 1,800+ security leaders and practitioners |
| AI is foundational to security operations, but it hasn’t reduced workload or burnout. 99% of SOCs are already using AI, yet 81% say workloads increased in the past year.
To find out why, Tines surveyed 1,800+ security leaders and practitioners worldwide for their largest Voice of Security report yet. | A few standout stats: | 44% of security work is still manual AI literacy and prompt engineering are the top security skills of 2026 87% report board-level attention to cybersecurity has increased in the last year
| Read the full report here. |
|
|
|
/ six2dez Burp Extension |
Here's one that flew under the radar: six2dez dropped burp-ai-agent |
The extension adds MCP tooling to Burp Suite, which means you can connect Claude Desktop (or Codex, Gemini, Ollama) and let the AI actually drive Burp. Navigate the sitemap, send test requests, verify issues, all autonomously. AI can just... use Burp. Directly. While you focus on the weird edge cases that need human intuition. |
Docs here, plus setup guides for different AI backends. |
/ Thomas Roccia Built "YARA for Prompts" |
On the defensive side, Thomas Roccia from Microsoft Threat Intelligence released NOVA
NOVA is prompt pattern matching. You write rules (like YARA rules for malware) that detect malicious or suspicious prompts. Use it for prompt hunting, use it as a guardrail for your LLM systems, use it for logging attack attempts. |
He even built an MCP server for NOVA so you can integrate it directly as a guardrail in your AI stack. Prompt matches a rule? Execution stops. No match? Continues. Every match gets logged. Very cool. |
|
|
/ Want to Build Your Own Hack Bots?
|
|
All of these tools share something in common: they're taking the patterns and workflows that experienced pentesters use and encoding them into AI systems. Context engineering, tool integration, human-in-the-loop control, task-specific scoping. |
If you've been following my work, you know I've been deep in this space. Building hack bots that actually work on real engagements. Figuring out what fails (a lot) and what actually adds leverage. |
I'm packaging all of that into a new course: Building Hack Bots with Claude Code. |
It's a limited preorder release right now, and the course drops mid-Q2. If you want to stop watching these tools from the sidelines and start building your own, grab a seat. |
|
|
/ Bug Bounty Corner |
/ curl Ends Bug Bounty Program |
Daniel Stenberg announced that the curl project is ending its HackerOne bug bounty program as of February 1, 2026. The reason? AI slop. |
The project has been drowning in low-quality, AI-generated vulnerability reports that waste maintainer time. As The New Stack reported, the volume of garbage submissions has made the program unsustainable. Security reports will now go through GitHub instead. |
This is a canary in the coal mine. If you're running bug bounty submissions through AI without human review, you're part of the problem. If you're a program manager, you're probably feeling curl's pain. The AI slop problem is real and it's degrading signal quality across the industry. |
/ AWS GitHub Repo Hijacking |
Intigriti's Bug Bytes featured a writeup on hijacking official AWS GitHub repositories. Worth a read if you're doing supply chain security research. |
/ GitHub Updated Rewards |
GitHub updated their security rewards policy in January, with critical bugs now paying $30,000+. If you're hunting on GitHub, check the new policy. |
|
/ Critical Vuln Corner
|
n8n Workflow Automation (CVSS 10.0) - If you're running n8n, stop reading and patch. Multiple critical vulns disclosed in January: CVE-2026-21858 (unauth RCE), CVE-2026-21877 (file upload to RCE), CVE-2026-25049 (command injection). Full instance takeover, no auth required. n8n is hiding in a lot of DevOps environments as shadow IT. Hunt it down. |
Microsoft Office Zero-Day - CVE-2026-21509 is being actively exploited in the wild. Added to CISA's KEV catalog with a Feb 16 deadline. If you're in an enterprise, push this one hard. |
BeyondTrust Pre-Auth RCE - CVE-2026-1731 affects Remote Support and older Privileged Remote Access versions. Common in enterprise help desk setups. Prioritize. |
vLLM RCE - CVE-2026-22778 lets attackers achieve full server takeover via a malicious video URL. If you're running vLLM in production, patch immediately.
/ The Prompt Injection Reality Check |
OpenAI published a December blog post about Atlas browser security that everyone should read. Not because of what they fixed, but because of what they admitted: agentic AI faces "fundamental security challenges" that current architectures can't fully solve. |
As TechCrunch reported, OpenAI wrote that prompt injection "is unlikely to ever be fully 'solved.'" The UK's NCSC backed this up in December. |
This matters because every company rushing to ship "AI agents" is shipping vulnerable systems. There's no magic patch coming. This is architectural. If you're doing AI security assessments, this is the quote to put in executive summaries. |
Meanwhile, researchers found 506 prompt injection attacks (2.6% of sampled content) in MoltBook posts targeting AI readers. The "viral AI prompts as malware" threat model is becoming reality. Be very careful what sites you download skills, hooks, and other AI-related downloads from.
|
/ Quick Hits |
BloodHound Scentry - SpecterOps announced a new service to accelerate Attack Path Management. If you're already running BloodHound, worth a look. |
|
/ See you in Denver? |
|
I'll be at Wild West Hackin' Fest Mile High this week (Feb 13-14). If you're attending, come say hi. We have a table! |
I'm giving my Attacking AI: Practical AI Red Team Techniques talk on Thursday at 1pm. Real AI pentest findings, the prompt injection taxonomy, how to actually scope and execute an AI security assessment. Lots of demos, lots of real examples. |
The offensive security tooling landscape is evolving faster than I've ever seen. The teams building these tools are solving real problems we face on engagements every day. Exciting times. |
Happy hacking 😎
-Jason |
https://twitter.com/Jhaddix |
