0sec is an autonomous hacking engine that executes agent-native security testing to find and verify critical vulnerabilities.

How does 0sec eliminate false positives?

0sec's verify agent independently re-exploits every finding. If it can't reproduce the vulnerability, the finding is killed as a false positive. Only confirmed vulnerabilities with working proof-of-concept code make it into the final report.

How much does 0sec cost?

Pricing is per engagement, based on what you need tested and how often. Contact us for details.

0sec scans AI/LLM apps, web apps, packages, and source repositories using an autonomous, agent-native hacking loop to find and verify vulnerabilities.

How does 0sec compare to XBOW?

0sec solved 103 of 104 challenges on the XBOW benchmark. Every solve is backed by a full exploit receipt (the agent conversation trace plus the captured flag) that is independently auditable under NDA.

How is 0sec different from the other AI pentest platforms?

Our engine re-exploits every finding from scratch in a blind pass and kills it if it cannot reproduce, so what reaches you is what actually worked. The cloud product adds scoped orchestration, encrypted evidence handling, and recurring runs.

Can 0sec be used for SOC 2, ISO 27001, or customer security questionnaires?

Use it as supporting security evidence, not as a SOC 2 or ISO 27001 certification claim. Findings are shaped to include the transcript, proof, and review status so engineering and security reviewers can inspect the work.

Can 0sec run against production?

Only inside an agreed scope, with an action allowlist and stop procedure defined before testing. If production is not appropriate, the engagement runs against an authenticated mirror instead.

How does 0sec handle our data?

Your data is isolated to your org and never shared with another customer. How it is used, stored, retained, and deleted is set in the agreement signed before any engagement.

AI hackers
for enterprise.

We're a Swiss applied research lab, rebuilding cybersecurity for the AI era.

Built to protect global enterprises, military & defence.

Where failure is not an option.

LIVE FINDINGS

import { verify } from "crypto" const token = req.headers.authorization if (!assertAccess(org)) return exec(`curl ${userInput}`) eval(serialize(body)) db.query(`SELECT * WHERE id=${id}`) fs.readFile(path.join(base, userPath)) child_process.spawn(cmd, {shell: true}) new Function(untrusted)() res.send(template(userHtml)) jwt.verify(tok, none) import { verify } from "crypto" const token = req.headers.authorization if (!assertAccess(org)) return exec(`curl ${userInput}`) eval(serialize(body)) db.query(`SELECT * WHERE id=${id}`) fs.readFile(path.join(base, userPath)) child_process.spawn(cmd, {shell: true}) new Function(untrusted)() res.send(template(userHtml)) jwt.verify(tok, none) import { verify } from "crypto" const token = req.headers.authorization if (!assertAccess(org)) return exec(`curl ${userInput}`) eval(serialize(body)) db.query(`SELECT * WHERE id=${id}`) fs.readFile(path.join(base, userPath)) child_process.spawn(cmd, {shell: true}) new Function(untrusted)() res.send(template(userHtml)) jwt.verify(tok, none) import { verify } from "crypto" const token = req.headers.authorization if (!assertAccess(org)) return exec(`curl ${userInput}`) eval(serialize(body)) db.query(`SELECT * WHERE id=${id}`) fs.readFile(path.join(base, userPath)) child_process.spawn(cmd, {shell: true}) new Function(untrusted)() res.send(template(userHtml)) jwt.verify(tok, none)

paperclip·GHSA-47wq-cj9q-wpmpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumLinux · Bluetooth·mergedhighLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhighLinux · mac802154·reportedmediumpaperclip·GHSA-47wq-cj9q-wpmpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumLinux · Bluetooth·mergedhighLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhighLinux · mac802154·reportedmediumpaperclip·GHSA-47wq-cj9q-wpmpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumLinux · Bluetooth·mergedhighLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhighLinux · mac802154·reportedmediumpaperclip·GHSA-47wq-cj9q-wpmpcriticaljsPDF·CVE-2026-31938criticaljsPDF·CVE-2026-31898highnode-forge·CVE-2026-33896highprotobuf.js·CVE-2026-44289highyaml·CVE-2026-33532mediummysql2highLiquidJS·CVE-2026-30952highjsonata·CVE-2026-52746highUptime Kuma·CVE-2026-33130mediumLinux · Bluetooth·mergedhighLinux · NFC LLCP·reportedhighLinux · NFC digital·reportedhighLinux · mac802154·reportedmedium

Let our army of AI agents hack your software, and secure it.

We saturated the benchmark

103 of 104 on XBOW, every solve backed by an auditable receipt. The benchmarks ran out of headroom, so we turned the engine on real software.

torvalds/linuxbfea609

0-days, at the deepest levels of software

Most tools stop at the app layer. We’ve found multiple vulnerabilities in the Linux kernel, with fixes landing in mainline and our code running on billions of devices.

Reviewed on the kernel lists by maintainers at Intel, Red Hat, Google & Meta.

Agent-native by design

A closed, autonomous loop — recon, exploit, verify, report — that picks its next move from how the target responds.

Proven by exploitation

Every vulnerability is re-exploited from scratch. If the agent can't replicate the breach, it's discarded — not flagged for you to chase.

Verifiable, not vibes

Our benchmark methodology is auditable under NDA, and every result ships with replayable proof you can inspect. Trust the evidence, not the marketing.

How we protect 3,403,426,843 installations.

Step 1 · Scope

Tell it a target.

Point it at a web app, API, package, repo, or AI agent — and set what's off-limits.

Step 2 · Attack

It tries to break in.

Injection, broken access, logic bugs, prompt injection — it goes after real ways in, like an actual attacker.

Step 3 · Verify

It proves what's real.

Every finding is re-exploited from scratch. If it can't break the same way twice, it's thrown out.

Step 4 · Triage

No false alarms.

Duplicates and scanner noise are filtered out. You only see what actually works.

Step 5 · Proof

You get working proof.

A real exploit, the steps, and a script to replay it yourself — straight to your engineers.

End-to-end. On any software, black-box or white-box.

We break your software,
not your trust.

You set the rules

Every scan runs in an isolated sandbox, fenced to a scope you set — allowed hosts, rate limits, a kill switch. It can’t wander off-target.

Secrets stay sealed

Exploit proof exposes real secrets — we redact them and encrypt the rest per-org, opened only by you and logged on every access.

Your data stays yours

Strict per-org isolation. Your targets and findings never touch another customer — and never train someone else’s model.

AI hackers
for enterprise.

Built to protect global enterprises, military & defence.

Let our army of AI agents hack your software, and secure it.

We saturated the benchmark

0-days, at the deepest levels of software

Agent-native by design

Proven by exploitation

Verifiable, not vibes

How we protect 3,403,426,843 installations.

Tell it a target.

It tries to break in.

It proves what's real.

No false alarms.

You get working proof.

End-to-end. On any software, black-box or white-box.

We break your software,
not your trust.

You set the rules

Secrets stay sealed

Your data stays yours

Questions we answer before you ask.

Think you’re secure? Let’s see about that.

AI hackersbreaking your software.for enterprise.for enterprise.

Built to protect global enterprises, military & defence.

Let our army of AI agents hack your software, and secure it.

We saturated the benchmark

0-days, at the deepest levels of software

Agent-native by design

Proven by exploitation

Verifiable, not vibes

How we protect 3,403,426,843 installations.

Tell it a target.

It tries to break in.

It proves what's real.

No false alarms.

You get working proof.

End-to-end. On any software, black-box or white-box.

We break your software,not your trust.

You set the rules

Secrets stay sealed

Your data stays yours

Questions we answer before you ask.

Why do you do this?

How is this different from the other AI pentest platforms?

Can I use this for SOC 2, ISO 27001, or customer security questionnaires?

Can you run this against production?

How do you handle our data — training, retention, and deletion?

Where is the pricing?

Think you’re secure? Let’s see about that.

AI hackers
for enterprise.

We break your software,
not your trust.