Anthropic CVP · OpenAI Trusted Access · Built in Europe

AI hackers for enterprise.

We're an applied research lab, rebuilding cybersecurity for the AI era.

TTStats

How we secure 279,499,247 downloads.

Step 1 · Scope

Tell it a target.

Point it at a web app, API, package, repo, or AI agent — and set what's off-limits.

Step 2 · Attack

It tries to break in.

Injection, broken access, logic bugs, prompt injection — it goes after real ways in, like an actual attacker.

Step 3 · Verify

It proves what's real.

Every finding is re-exploited from scratch. If it can't break the same way twice, it's thrown out.

Step 4 · Triage

No false alarms.

Duplicates and scanner noise are filtered out. You only see what actually works.

Step 5 · Proof

You get working proof.

A real exploit, the steps, and a script to replay it yourself — straight to your engineers.

paperclip · GHSA-47wq-cj9q-wpmp · critical
jsPDF · CVE-2026-31938 · critical
jsPDF · CVE-2026-31898 · high
node-forge · CVE-2026-33896 · high
protobuf.js · CVE-2026-44289 · high
yaml · CVE-2026-33532 · medium
mysql2 · high
LiquidJS · CVE-2026-30952 · high
Uptime Kuma · CVE-2026-33130 · medium

Our autonomous systems hack your software to secure it.

We saturated the benchmark

99 of 104 on XBOW — the highest public score. The benchmarks ran out of headroom, so we turned the engine on real software.

0-days, down to the kernel

Most tools stop at the app layer. We've found multiple 0-days in the Linux kernel — our code now protects 10+ billion devices.

Reviewed by engineers at Intel and the Linux Foundation.

See it for yourself in Linus’s tree

Agent-native by design

A closed, autonomous loop — recon, exploit, verify, report — that picks its next move from how the target responds.

Proven by exploitation

Every vulnerability is re-exploited from scratch. If the agent can't replicate the breach, it's discarded — not flagged for you to chase.

Verifiable, not vibes

Our benchmark methodology is public, and every result ships with replayable proof you can inspect. Trust the evidence, not the marketing.

End-to-end. On any software, black-box or white-box.

We break your software, not your trust.

You set the rules

Every scan runs in an isolated sandbox, fenced to a scope you set — allowed hosts, rate limits, a kill switch. It can’t wander off-target.

Secrets stay sealed

Exploit proof exposes real secrets — we redact them and encrypt the rest per-org, opened only by you and logged on every access.

Your data stays yours

Strict per-org isolation. Your targets and findings never touch another customer — and never train someone else’s model.

Questions we answer before you ask.

0sec is in private release.