AI Hacker Bot Finds Bugs For Amazon, Disney, PayPal

Xbow’s AI bot won the number one position on HackerOne’s US leaderboard thanks to its penetration testing automation capabilities.

In a rush? Here are the quick facts:

  • Xbow automates penetration testing, saving time and reducing costs for companies.
  • Startup raised $75 million led by Altimeter Capital and Sequoia Capital.
  • AI found bugs in major firms like Amazon, Disney, PayPal, and Sony.

The hacker Xbow achieved first place on a leading US leaderboard for discovering software security vulnerabilities, as first reported by Bloomberg. However, Xbow is not a person but an AI tool created by a startup of the same name.

Xbow’s AI works by automating penetration testing, in which hackers try to find weak spots in corporate software before criminals can exploit them. Founded in January 2024 by GitHub veteran Oege de Moor, the company just raised $75 million to grow its technology, as reported by Bloomberg.

De Moor explained, “By automating this we can completely change the equation,” as reported by Bloomberg.

The current practice of manual penetration testing costs around $18,000 for each system and requires weeks to complete. Xbow aims to enable businesses to test their systems continuously and more frequently, so that security issues are detected before new products launch.

Xbow works through HackerOne, a platform where companies reward hackers for reporting bugs. When Xbow’s AI finds a vulnerability, a human double-checks it to avoid errors. The AI has reported bugs to big companies like Amazon, Disney, PayPal, and Sony, as reported by Bloomberg.

However, the technology still has limits. While Xbow excels at detecting coding errors and common security flaws, it struggles to interpret more complex product design issues, such as distinguishing sensitive information that should remain private, as reported by Bloomberg.

To address this, the startup plans to develop features that not only identify problems but also offer suggestions for fixes and improvements in the code.

Altimeter partner Apoorv Agrawal said to Bloomberg, “Cybersecurity is going through a credibility crisis […] What chief information security officers want is less, not more [alerts]. AI can help.” But he added that adopting AI tools like Xbow will require companies to change long-standing workflows and behaviors.

As cyberattacks grow more automated, tools like Xbow mark a new era where machines defend against machines.
