XBOW’s Oege de Moor Says Autonomous AI Hackers Are Already Winning


Published 2026-05-06 - Runtime about 9 min - Watch on YouTube

Autonomous AI hacking is already past theory: de Moor says XBOW can find real vulnerabilities from black-box inputs alone, rank at the top of HackerOne, and do it cheaply enough to change attacker economics. The urgent claim is that model progress is outpacing defensive readiness, so exploit discovery is starting to run ahead of disclosure.

What Matters

  • XBOW found a Bing Image Search remote code execution bug from nothing more than a URL as input; the bug was listed at $3,000.
  • The system starts with reconnaissance, prioritizes the most promising endpoints, then tries the attack types relevant to each, the way a human operator would.
  • XBOW entered HackerOne last year, hit #1 in the U.S. within weeks, and became #1 globally in August 2025.
  • de Moor says the leaderboard run used a model alloy: Sonnet 4.0 and Gemini 2.5 alternating at each step.
  • He claims GPT-5 would have made the same system at least 3x better than XBOW’s August 2025 version.
  • White-box code analysis is not enough, he argues; the real questions are whether a flaw is exploitable in the wild and what an attacker can reach through it.
  • The CVE delay has gone negative: many bugs are now exploited before public disclosure, not after.
  • His timeline: 6 to 9 months before open-weight models match these capabilities, compressing the gap between defenders and bad actors.