Xint

See All Vulnerability Research AI for Security Competitions News Product Open Source Projects FAQ Case Study

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

What are the incremental benefits to each new (more expensive) model and when does it make sense to update?

Jun 16, 2026

AI for SecurityProductFAQ

AI Wrapper vs. AI Native

Everyone is claiming AI in AppSec, but there are meaningful differences in how AI is used, leading to fundamentally differences in exposure

Jun 10, 2026

AI for SecurityFAQ

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

In an engagement with a healthcare client, Xint uncovered an IDOR vulnerability allowing unauthorized access to patients' protected health information (PHI).

Jun 02, 2026

Vulnerability ResearchAI for SecurityCase Study

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

Non-deterministic LLM vuln discovery is actually a strength for Xint since it can go beyond fixed rules or patterns that are easily gamed by attackers.

May 28, 2026

ProductAI for SecurityFAQ

AI won’t replace human pentesters and security teams. It will be a force multiplier

LLMs are changing the role of security researchers and engineers, but companies laying off human cyber experts just as AI coding generates more vulnerable code are in for a world of hurt.

May 26, 2026

AI for SecurityFAQ

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

What are the incremental benefits to each new (more expensive) model and when does it make sense to update?

Jun 16, 2026

AI for SecurityProductFAQ

AI Wrapper vs. AI Native

Everyone is claiming AI in AppSec, but there are meaningful differences in how AI is used, leading to fundamentally differences in exposure

Jun 10, 2026

AI for SecurityFAQ

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

In an engagement with a healthcare client, Xint uncovered an IDOR vulnerability allowing unauthorized access to patients' protected health information (PHI).

Jun 02, 2026

Vulnerability ResearchAI for SecurityCase Study

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

Non-deterministic LLM vuln discovery is actually a strength for Xint since it can go beyond fixed rules or patterns that are easily gamed by attackers.

May 28, 2026

ProductAI for SecurityFAQ

AI won’t replace human pentesters and security teams. It will be a force multiplier

LLMs are changing the role of security researchers and engineers, but companies laying off human cyber experts just as AI coding generates more vulnerable code are in for a world of hurt.

May 26, 2026

AI for SecurityFAQ

Copy Fail: From Pod to Host.

A walkthrough of Copy Fail (CVE-2026-31431) as a container escape primitive: from a 4-byte page cache write to host root on Kubernetes.

May 19, 2026

Vulnerability ResearchAI for SecurityOpen Source Projects

Xint’s False Positive Rate: Methodology and Purpose

We don’t know the FP rate for the latest frontier models when it comes to AppSec. We share ours and how we arrived at it.

May 18, 2026

ProductAI for Security

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

This is an overview of the two kernel-level vulnerabilities uncovered by Xint Code in MacOS, iOS and iPadOS which have been patched by Apple

May 12, 2026

Vulnerability ResearchAI for SecurityNews

Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

Zero data retention (ZDR) policies for LLMs in AppSec are not the default, but here's why they belong at the top of your AI procurement checklist.

May 11, 2026

Product

What to Ask Every AI PenTest Vendor Before You Buy

These are the 8 questions that will tell you whether a vendor is selling a pen test alternative, a faster SAST tool, or a demo that doesn’t survive production

May 06, 2026

AI for SecurityProduct

Vulnerabilities vs. Weaknesses: Why the Distinction Matters

There's a difference between insecure code patterns and true vulnerabilities that hackers seek to exploit. Why does that matter?

May 05, 2026

Vulnerability ResearchAI for SecurityProduct

Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

The story behind CVE-2026-31789 demonstrates how DARPA and Xint are accelerating AI cyber defenses

May 04, 2026

CompetitionsNews Vulnerability ResearchOpen Source Projects

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

Xint Code disclosed CVE-2026-31431, an authencesn scratch-write bug chaining AF_ALG + splice() into a 4-byte page cache write. A 732-byte PoC gets root on Ubuntu, Amazon Linux, RHEL, SUSE.

Apr 29, 2026

AI for Security Vulnerability ResearchOpen Source Projects

System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

What do buyers actually purchase when they pay for a vulnerability discovery platform, and why is the model the cheapest input in the bill?

Apr 27, 2026

Vulnerability ResearchAI for Security

Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

Press Release for April 21, 2026

Apr 21, 2026

News

The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

In this exclusive report, Xint researchers compare Mythos's publicly disclosed results versus what broadly available models can accomplish using advanced scaffolding

Apr 16, 2026

AI for Security Vulnerability Research

AI Made Code Cheap. Trust Did Not.

While code is abundant, assurance is scarce. The winners won't be the teams that generate the most code, it’ll be the teams that can prove it's safe.

Apr 13, 2026

AI for Security

Finding and Patching a CPython 0day in Hours: CVE-2026-6100

A critical CPython CVE today took less than 45 minutes of human work to find, triage, and fix because of Xint Code

Apr 13, 2026

Vulnerability ResearchOpen Source Projects

How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

Linear increases in code are leading to exponential token burn increases. Xint's orchestration brings clear, predictable pricing.

Apr 09, 2026

AI for Security

What are business logic vulnerabilities, and why are they so hard to catch?

Even secure-looking code can hide dangerous flaws. Learn why business logic vulnerabilities are hard to detect and why most scanners miss them.

Mar 05, 2026

AI for Security

Announcing Xint Code

Real Vulnerabilities. Actionable Results.

Dec 15, 2025

AI for SecurityProduct

AI Cyber Challenge and Theori's RoboDuck

An introduction to DARPA's AI Cyber Challnge and Theori's third place cyber reasoning system

Aug 08, 2025

CompetitionsAI for Security

Building Effective LLM Agents | AI Cyber Challenge

How we learned to build effective LLM agents for hacking at DARPA's AI Cyber Challenge (AIxCC)

Aug 08, 2025

AI for SecurityCompetitions

XINT.IO BLOG

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

AI Wrapper vs. AI Native

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

AI won’t replace human pentesters and security teams. It will be a force multiplier

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

AI Wrapper vs. AI Native

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

AI won’t replace human pentesters and security teams. It will be a force multiplier

Copy Fail: From Pod to Host.

Xint’s False Positive Rate: Methodology and Purpose

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

What to Ask Every AI PenTest Vendor Before You Buy

Vulnerabilities vs. Weaknesses: Why the Distinction Matters

Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

AI Made Code Cheap. Trust Did Not.

Finding and Patching a CPython 0day in Hours: CVE-2026-6100

How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

What are business logic vulnerabilities, and why are they so hard to catch?

Announcing Xint Code

AI Cyber Challenge and Theori's RoboDuck

Building Effective LLM Agents | AI Cyber Challenge

XINT.IO BLOG

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

AI Wrapper vs. AI Native

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

AI won’t replace human pentesters and security teams. It will be a force multiplier

FAQ: Are the Incremental Improvements in New Models Worth the Higher Cost?

AI Wrapper vs. AI Native

Using Context to Discover IDOR Vuln in Healthcare Co: Technical Deep Dive

FAQ: Is AI Application Security Testing Reliable If Results Vary Between Scans?

AI won’t replace human pentesters and security teams. It will be a force multiplier

Copy Fail: From Pod to Host.

Xint’s False Positive Rate: Methodology and Purpose

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

Why Zero Data Retention Should Be Non-Negotiable When Your Team Uses LLMs

What to Ask Every AI PenTest Vendor Before You Buy

Vulnerabilities vs. Weaknesses: Why the Distinction Matters

Working With DARPA to Secure Open Source Infrastructure: CVE-2026-31789

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution.

System, Not Model: Why Off-the-Shelf LLMs Don’t Replace a Pen Test

Theori Deploys AI Hacker ‘Xint’ to Samsung Electronics, Leading the Charge in Large-Scale IT Asset Security Automation

The Frontier Isn’t the Model: Why ‘Good Enough’ Reasoning + Scaffolding Is More Important

AI Made Code Cheap. Trust Did Not.

Finding and Patching a CPython 0day in Hours: CVE-2026-6100

How Xint’s Predictable Pricing Solves the Token Burn Problem for AI in AppSec

What are business logic vulnerabilities, and why are they so hard to catch?

Announcing Xint Code

AI Cyber Challenge and Theori's RoboDuck

Building Effective LLM Agents | AI Cyber Challenge