Your AI teammate
for security

Hacktron collaborates in your workflow,
identifies real vulnerabilities, and empowers
developers like a senior security engineer.

ABOUT

Stop chasing alerts. Start fixing what's real.

You probably use lots of security tools.

You probably get lots of alerts.

You probably spend lots of time chasing them down.

But in the end, how many of them were actually worth your time?

Hacktron finds exploitable vulnerabilities and helps your team fix what matters.

Built by elite hackers who've spent careers exploiting the most complex and high-value targets, we operate by one principle: PoC || GTFO.

PRODUCT

Catch vulnerabilities before they ship.

Continuously surfaces exploitable vulnerabilities in pull requests, with enough context for your security team to triage and prioritize without chasing down developers.

PR Review
TESTIMONIALS

We protect the teams building tomorrow

When you're shipping the future, you don't get second chances. Here's why the world's most ambitious engineering teams trust us.

The Hacktron team helped us uncover and remediate sophisticated vulnerabilities across our most critical systems incredibly quickly.

Their expertise brought immediate, measurable value to our security program, and I could not be more impressed with the results.

Kyle Polley

Head of Security
Perplexity

Hacktron’s coordinated disclosure of their AI-augmented security research and rapid validation helped us quickly identify and close a subtle but serious vulnerability chain.

Their approach represents the cutting edge of modern security research.

Bil Harmer

CISO
Supabase

We were genuinely impressed by Hacktron's speed and the results.

This is what the future of security testing looks like.

Filip Denker

Co-Founder & CTO
Yoto
PRICING
Basic Application

$40 / developer / mo.

Detect vulnerabilities automatically in your development workflow.

Start 14-Day Free Trial
Includes

Unlimited PR security reviews for your entire team

Fix with AI using prompts delivered in PR comments

Auto-assigns coverage to new developers on their first PR

GitHub, GitLab, and Bitbucket integrations

Enterprise

Custom pricing

For engineering orgs that need security embedded at scale.

Everything in Basic Application, plus

Enterprise-grade modules with custom rule configuration per repo

Custom integrations with your existing security toolchain

SSO, audit logs, and role-based access controls

24/7 priority support with a dedicated account team

ADVISORIES

Real vulnerabilities. Real impact.

Attackers are leveraging AI to identify and exploit vulnerabilities before they are known to defenders, and long before CVEs are eventually disclosed.

We work responsibly with vendors to secure the software making up the backbone of the Internet.

HTAI-001

Critical BeyondTrust

Pre-Auth RCE in BeyondTrust Remote Support & PRA

Pre-Authentication Remote Code Execution via deserialization vulnerability in BeyondTrust Remote Support and Privileged Remote Access (PRA) products.

ID: HTAI-001
Vendor: BeyondTrust
Reported: Jan 31, 2026
Type: RCE
Published: Feb 6, 2026
LATEST

Hear the latest from our team

Security research, company updates, and more.

hacktron

I Let Claude Opus Write a Chrome Exploit: The Next Model (Mythos?) Won't Need My Help?

I pointed Claude Opus at Discord's bundled Chrome (version 138, nine major versions behind upstream) and asked it to build a full V8 exploit chain. The V8 OOB we used was from Chrome 146, the same version Anthropic's own Claude Desktop is running. A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about ~20 hours of me unsticking it from dead ends. It popped calc.

hacktron

Pre-Auth RCE in OpenAM via jato.clientSession (CVE-2026-33439)

Hacktron AI discovers a critical pre-authentication RCE in OpenAM through a forgotten deserialization parameter that the original CVE-2021-35464 fix missed.

hacktron

vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement

Cloudflare built a Next.js replacement in a week with AI for $1100. We pointed Hacktron at it to find what the tests missed.

hacktron

Turning Cluely Into Malware

How we found a vulnerability in Cluely's Electron app that let any website silently capture screenshots, record audio, and exfiltrate everything - all because of a missing will-navigate handler.

SEE IT IN ACTION

Hire your first AI security engineer

Inherit the intelligence of the world's best security researchers and competitive hackers.