Hacktron autonomously reviews code, finds vulnerabilities, and writes exploits.https://www.hacktron.ai/https://www.hacktron.ai/blog/hacking-cloudflare-vinext/https://www.hacktron.ai/blog/hacking-cloudflare-vinext/Cloudflare built a Next.js replacement in a week with AI for $1100. We pointed Hacktron at it to find what the tests missed.Fri, 27 Feb 2026 00:00:00 GMThttps://www.hacktron.ai/blog/hacking-cluely/https://www.hacktron.ai/blog/hacking-cluely/How we found a vulnerability in Cluely's Electron app that let any website silently capture screenshots, record audio, and exfiltrate everything - all because of a missing will-navigate handler.Sat, 14 Feb 2026 00:00:00 GMThttps://www.hacktron.ai/blog/hacking-google-antigravity/https://www.hacktron.ai/blog/hacking-google-antigravity/Hacktron AI Research Team discovered a critical RCE in Google’s Antigravity IDE that lets attackers take over your system just by opening a malicious website.Sun, 08 Feb 2026 00:00:00 GMThttps://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce/https://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce/Hacktron AI's agents identified a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). This has been assigned CVE-2026-1731 with a CVSS 9.9 critical score.Fri, 06 Feb 2026 00:00:00 GMThttps://www.hacktron.ai/blog/soc-2-type-1/https://www.hacktron.ai/blog/soc-2-type-1/Hacktron has achieved SOC 2 Type 1 compliance, demonstrating our commitment to robust security practices and protecting our customers' data.Tue, 13 Jan 2026 00:00:00 GMThttps://www.hacktron.ai/blog/hacking-openai-atlas-browser/https://www.hacktron.ai/blog/hacking-openai-atlas-browser/A critical ChatGPT Atlas Browser vulnerability: XSS on an OpenAI subdomain let attackers hijack tabs, leak browsing URLs, and steal OAuth tokens.Tue, 02 Dec 2025 00:00:00 GMThttps://www.hacktron.ai/blog/perplexity-comet-uxss/https://www.hacktron.ai/blog/perplexity-comet-uxss/How Hacktron AI Research team identified and prevented a critical UXSS vulnerability in Perplexity's AI Browser - Comet.Mon, 24 Nov 2025 00:00:00 GMThttps://www.hacktron.ai/blog/jdbc-audit-at-scale/https://www.hacktron.ai/blog/jdbc-audit-at-scale/How we used Hacktron CLI to audit JDBC drivers at scale, mapping dangerous sinks to user input and turning file primitives into real-world RCEs and bug bounties.Fri, 21 Nov 2025 00:00:00 GMThttps://www.hacktron.ai/blog/supapwn/https://www.hacktron.ai/blog/supapwn/We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeoverMon, 17 Nov 2025 00:00:00 GMThttps://www.hacktron.ai/blog/introducing-hacktron/https://www.hacktron.ai/blog/introducing-hacktron/At Hacktron, we're building collaborative AI agents that act as autonomous security researchers. Learn more about our approach and our AI-driven pentest on Gumroad.Thu, 14 Aug 2025 00:00:00 GMThttps://www.hacktron.ai/blog/python-zip-confusion/https://www.hacktron.ai/blog/python-zip-confusion/How a Python comment can turn a file into a ZIP polyglot, tricking the interpreter into running code. Insights from a UIUCTF 2025 challenge and Python's ZIP parsing quirks.Mon, 28 Jul 2025 00:00:00 GMThttps://www.hacktron.ai/blog/dassault-delmia-apriso-rce/https://www.hacktron.ai/blog/dassault-delmia-apriso-rce/For years, this vulnerability hid in plain sight — missed by multiple audits and even used in production by Apple. In just ten minutes, Hacktron exposed a full pre‐auth RCE path.Tue, 03 Jun 2025 00:00:00 GMThttps://www.hacktron.ai/blog/ivanti-epmm-variant-analysis/https://www.hacktron.ai/blog/ivanti-epmm-variant-analysis/Hacktron AI uncovers a new pre-authenticated RCE variant in Ivanti EPMM by identifying a fresh EL injection sink.Fri, 16 May 2025 00:00:00 GMThttps://www.hacktron.ai/blog/ai-hackers-generational-threat/https://www.hacktron.ai/blog/ai-hackers-generational-threat/AI hackers will scale cyber threats via automated exploitation, but the same technology can turn this generational risk into an industry-wide defence.Thu, 08 May 2025 00:00:00 GMThttps://www.hacktron.ai/blog/how-ai-can-hack/https://www.hacktron.ai/blog/how-ai-can-hack/Why does hacking feel like magic? We dive deep into how human hackers think, and how we can design AI agents to find bugs in complex systems the way top security researchers do.Mon, 21 Apr 2025 00:00:00 GMThttps://www.hacktron.ai/blog/element-rce/https://www.hacktron.ai/blog/element-rce/We achieved full RCE on Element Desktop by chaining iframe injection, Electron misconfigs, and a V8 exploit to bypass sandboxing and access Node.js APIs from a subframe.Sat, 13 Aug 2022 00:00:00 GMThttps://www.hacktron.ai/blog/discord-rce/https://www.hacktron.ai/blog/discord-rce/How a chain of XSS, CSP bypass, and Electron misconfigs led to full remote code execution on Discord Desktop. We walk through the technical details, steps, and lessons learned.Fri, 29 Jul 2022 00:00:00 GMThttps://www.hacktron.ai/blog/vscode-rce/https://www.hacktron.ai/blog/vscode-rce/How we achieved remote code execution in Visual Studio Code's Restricted Mode by chaining origin leaks, CSP bypasses, and webview message handler flaws.Wed, 29 Jun 2022 00:00:00 GMT