Xbow ranks 1st in the HackerOne leaderboard in the U.S. /Courtesy of Xbow's official website

Xbow, based in Seattle, Washington, announced on the 24th (local time) that its artificial intelligence (AI) chatbot ranked first on the HackerOne Leaderboard. The HackerOne Leaderboard is known for ranking, by reputation, hackers who have reported security vulnerabilities.

According to the HackerOne website, Xbow ranked first in the vulnerability disclosure program (VDP) institutional sector with a score of 1,940 from April to June this year, surpassing human hackers. However, in the overall ranking that combines the bug bounty program (BBP), it was ranked sixth in the world with a score of 4,174, falling behind top human experts, though it held first place in the United States. The difference between a BBP and a VDP lies in whether a bounty is involved.

Nico Weissman, head of the company’s security sector, emphasized, “For the first time in bug bounty history, an autonomous penetration tester has ranked first in the U.S.” He described the company’s product as a “fully autonomous” operational penetration tester that operates with AI. A “penetration tester” is a type of so-called white hat hacker who simulates cyber attack scenarios on systems to discover vulnerabilities and improve security, not for malicious purposes.

Hiring human experts to conduct penetration testing can take several weeks for a single system and cost an average of $18,000 (approximately 24 million won), making it difficult to conduct frequently. Weissman explained that Xbow can operate like a human penetration tester without needing input from a human and complete comprehensive penetration testing in just a few hours.

Oege de Moor, founder and CEO of Xbow and a professor in the Department of Computer Science at Oxford University’s Merton College, told Bloomberg News that the target clientele for the company’s penetration tester chatbot is customers who want to conduct penetration testing continuously, or at least somewhat more frequently, as well as those preparing for the actual launch of new products or systems. He noted, “By automating this process, we can completely change the equation,” making it possible to identify vulnerabilities before computer systems are operated in real-world conditions.

Nat Friedman, co-founder of the well-known venture capital firm NFDG and former CEO of GitHub, remarked that while it is exciting to see Xbow’s product “working properly now, it is also somewhat frightening” given “we have entered an era where machines are hacking machines.”
