Autonomous AI Hackers Are Already Beating Humans on HackerOne
Oege de Moor, founder and CEO of XBOW, argues that autonomous AI hacking has moved from assistance to real exploitation. In an AI Ascent 2026 talk, he says XBOW’s system reached the top of HackerOne using only black-box access, found a remote code execution flaw in Bing Image Search from a URL alone, and would have been three times more effective with GPT-5. His warning is that defenders have six to nine months before comparable open-weight models make the same capabilities broadly available, including to attackers.
Sequoia Capital·May 7, 2026·6 min read
