Open-Source AI Vulnerability Research Platform – OpenHack
Vulnerability Research Gets a Boost from OpenHack
Researchers at Hadrian have developed an open-source framework called OpenHack, designed to streamline vulnerability research using artificial intelligence (AI) and automation.
Streamlining Vulnerability Research
- OpenHack is built from agents and tools that operate on a file-based workspace; the tools cover model execution, terminal access, repository access, and human-in-the-loop approval.
- All state is kept in plain files (cloned source, recon items, scenario prompts), so the workspace itself is a durable, inspectable record of what the system did.
“Our discovery of critical vulnerabilities made it clear that security teams don’t need Mythos to find critical vulnerabilities.”
OpenHack's operating model is a state machine that advances through a series of phases, each driven by different agents and decision points. Human operators must approve key transitions, so an agent cannot move the run past those gates without a person signing off.
Expert Families
- Twelve expert families are currently defined in the OpenHack registry, organised around OWASP Top 10:2025 categories and MITRE Common Weakness Enumeration (CWE) entries.
- These families cover broken access control, software supply chain failures, cryptographic failures, injection, insecure design, authentication failures, and software or data integrity failures.
Beyond those categories, the registry also targets specific weaknesses: memory buffer errors (CWE-119), exposure of sensitive information (CWE-200), path traversal (CWE-22), unrestricted file upload (CWE-434), and unrestricted resource consumption (API4:2023 from the OWASP API Security Top 10).
During the reconnaissance phase the workspace can optionally be enriched with hits from bundled Semgrep rules; these are recorded as hints to investigate, not as verified vulnerabilities, so a static-analysis match is never reported as a finding on its own. The entire process is documented in plain files, providing a transparent and reproducible record of the research effort.
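The three design points above (state in plain files, phase transitions gated on human approval, Semgrep hits stored as unverified hints) combine into a small pattern that is easy to show in code. The following is an added Python example written for this article, not OpenHack's own code: the phase names, the `state.json` / `recon_items.jsonl` file layout, the `Workspace` class, and the Semgrep sample are all assumptions chosen to illustrate the model the article describes.

```python
"""File-backed, human-gated phase state machine (illustrative, not OpenHack code).

Assumptions: the phase list, the two file names, and the sample Semgrep
output below are invented for this example.
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Assumed phase order; the article does not list the project's real phases.
PHASES = ["recon", "hypothesis", "exploit", "report"]


class Workspace:
    """Everything the run knows lives in plain files under `root`."""

    def __init__(self, root: Path):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)
        self.state_file = self.root / "state.json"
        self.recon_file = self.root / "recon_items.jsonl"
        if not self.state_file.exists():  # fresh workspace starts in the first phase
            self._write_state({"phase": PHASES[0], "approvals": []})

    def _read_state(self) -> dict:
        return json.loads(self.state_file.read_text())

    def _write_state(self, state: dict) -> None:
        self.state_file.write_text(json.dumps(state, indent=2))

    @property
    def phase(self) -> str:
        return self._read_state()["phase"]

    def add_semgrep_hints(self, semgrep_json: str) -> int:
        """Append Semgrep results as recon items marked as unverified hints."""
        results = json.loads(semgrep_json).get("results", [])
        with self.recon_file.open("a") as fh:
            for r in results:
                item = {
                    "source": "semgrep",
                    "rule": r["check_id"],
                    "path": r["path"],
                    "line": r["start"]["line"],
                    "message": r["extra"]["message"],
                    "status": "hint",  # a match is a lead, never a confirmed finding
                }
                fh.write(json.dumps(item) + "\n")
        return len(results)

    def recon_items(self) -> List[Dict]:
        if not self.recon_file.exists():
            return []
        return [json.loads(l) for l in self.recon_file.read_text().splitlines() if l]

    def advance(self, approver: Optional[str]) -> str:
        """Move to the next phase only when a human approval is recorded."""
        state = self._read_state()
        current = state["phase"]
        idx = PHASES.index(current)
        if idx == len(PHASES) - 1:
            raise RuntimeError(f"already in final phase {current!r}")
        nxt = PHASES[idx + 1]
        if not approver:
            raise PermissionError(f"{current} -> {nxt} requires human approval")
        state["approvals"].append({"from": current, "to": nxt, "by": approver})
        state["phase"] = nxt
        self._write_state(state)  # the approval log is part of the durable record
        return nxt


# Constructed sample in the shape of `semgrep --json` output; rule ids are made up.
SAMPLE_SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "rules.subprocess-shell-true", "path": "app/runner.py",
     "start": {"line": 42}, "extra": {"message": "subprocess call with shell=True"}},
    {"check_id": "rules.path-traversal-open", "path": "app/files.py",
     "start": {"line": 17}, "extra": {"message": "user input reaches open()"}},
]})


def run_demo(root: Optional[Path] = None) -> dict:
    """Ingest hints, show a refused and an approved transition, reload from disk."""
    if root is None:
        root = Path(tempfile.mkdtemp(prefix="openhack-demo-"))
    ws = Workspace(root)
    hints = ws.add_semgrep_hints(SAMPLE_SEMGREP_JSON)
    try:
        ws.advance(approver=None)  # no sign-off: must be refused
        blocked = False
    except PermissionError:
        blocked = True
    after = ws.advance(approver="alice")  # recorded approval: allowed
    reopened = Workspace(root)  # a new process sees the same state from the files
    return {
        "hints": hints,
        "all_hints_unverified": all(i["status"] == "hint" for i in reopened.recon_items()),
        "blocked_without_approval": blocked,
        "phase_after_approval": after,
        "persisted_phase": reopened.phase,
        "approval_log": reopened._read_state()["approvals"],
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the example is the shape, not the file names: because every transition writes its approval into `state.json` and every Semgrep hit lands in `recon_items.jsonl` with `status: "hint"`, a reviewer can reconstruct who allowed the run to move forward and which leads were never verified by reading the workspace directory alone.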
OpenHack is freely available on GitHub, allowing developers and security professionals to contribute to and utilize the platform.