• hacktron
Pre-Auth RCE in OpenAM via jato.clientSession (CVE-2026-33439)
Hacktron AI discovers a critical pre-authentication RCE in OpenAM through a forgotten deserialization parameter that the original CVE-2021-35464 fix missed.
Your AI teammate
for security
backed by
with investors from
Stop chasing alerts. Start fixing what's real.
trusted by
PRODUCT
The accuracy of a penetration tester, at machine speed
Launch full-scope assessments in minutes from the Hacktron platform. Get an audit-ready pentest report for SOC 2 or ISO 27001 in hours, not weeks.
We protect the teams building tomorrow
“The Hacktron team helped us uncover and remediate sophisticated vulnerabilities across our most critical systems incredibly quickly.
Their expertise brought immediate, measurable value to our security program, and I could not be more impressed with the results.
”
Kyle Polley
Head of Security
Perplexity
“Hacktron’s coordinated disclosure of their AI-augmented security research and rapid validation helped us quickly identify and close a subtle but serious vulnerability chain.
Their approach represents the cutting edge of modern security research.
”
Bil Harmer
CISO
Supabase
“We were genuinely impressed by Hacktron's speed and the results.
This is how the future of security testing looks like.
”
Filip Denker
Co-Founder & CTO
Yoto
Best for
Deep security analysis across your entire codebase
Taint flow tracing through business logic, auth, and payment paths
Threat modelling, architecture analysis, and multi-repo scanning
Every finding validated for accuracy
Best for
Advanced offensive security for organisations with complex threat models
Multi-module, multi-service applications with complex interdependencies
Dedicated OSCP / CREST researcher with custom integrations and 24/7 priority support
We're world-class security researchers and engineers.
Zayne “zeyu1337” Zhang
Co-Founder, CEO
Cambridge CS dropout. Ex-TikTok and ex-military. DEF CON CTF runner-up (Blue Water) 2023-24. Credited for 15 CVEs. Topped Singapore's government and military bug bounties.
Mohan “s1r1us” Pedhapati
Co-Founder, CTO
Ex-Cure53 Senior Security Researcher. Featured on PortSwigger & Vice. BlackHat & DEF CON speaker. Previously founded €1.5M revenue security auditing company.
Harsh “rootxharsh” Jaiswal
Co-Founder, Chief Research Officer
Ex-ProjectDiscovery. Top-ranked bug bounty hunter. Featured in Forbes for hacking Apple. Ekoparty & BSides speaker.
Fabian “LiveOverflow” Faessler
Member of Technical Staff, AI
Security educator with 1M+ YouTube followers. Cure53 Senior Auditor. Previously founded leading cybersecurity education platform.
Marcus “marcusjhang” Ang
Member of Technical Staff, Engineering
Ex-Millennium, ex-Binance. Full-stack engineer across government, fintech, and leading startups in Asia. Graduate of Asia's #1 computer science university.
Rahul “iamnoooob” Maini
Member of Technical Staff, Security
Ex-ProjectDiscovery. Expert in web security, patch analysis, and automation. Speaker at multiple security conferences such as Ekoparty, Hacktivity and NoNamecon.
Where are you?
We’re looking for world-class engineers and researchers. Please apply if you think you fit the bill.
APPLY Hear the latest from our team
• hacktron
vinext: Vibe-Hacking Cloudflare's Vibe-Coded Next.js Replacement
Cloudflare built a Next.js replacement in a week with AI for $1100. We pointed Hacktron at it to find what the tests missed.
• hacktron
Turning Cluely Into Malware
How we found a vulnerability in Cluely's Electron app that let any website silently capture screenshots, record audio, and exfiltrate everything - all because of a missing will-navigate handler.
• hacktron
RCE in Google's AI code editor Antigravity - $10000 Bounty
Hacktron AI Research Team discovered a critical RCE in Google’s Antigravity IDE that lets attackers take over your system just by opening a malicious website.
Hire your first AI penetration tester