Hacktron is an autonomous vulnerability hunter for ambitious engineering teams. Built by world-class security researchers. Powered by one principle: PoC || GTFO

Joined April 2025
36 Photos and videos
Pinned Post
Introducing Hacktron Review: an AI security reviewer for your pull requests. It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production. Try for free: app.hacktron.ai
21
39
214
47,680
Hacktron AI reposted
New landing page! Fable was held in captivity for 72 hours to produce this. Websites can be beautiful!
3
1
48
4,815
there is no way you’re going to make people read all their AI-generated code. it was already cognitively hard to review PRs when your colleagues were writing the code. now it’s even harder when AI is generating half of it. you should just assume people won’t read everything and put checks in the PR that surface vulnerabilities where the real risk is.
2
3
6
802
Hacktron AI reposted
I strongly believe most vulnerabilities never need to reach production if design and PR review are done well, but I don't think any team has the dev-to-security ratio to review every PR and design. Now it's possible with @HacktronAI. It's been reviewing every PR on @RocketChat, and since it's all open source, I can show you proofs, not plain marketing bullshit. 🧵
1
5
58
4,213
Hacktron now powers security review for every pull request in @RocketChat. In the first 20 days of integration, Rocket․Chat has found and fixed 17 real vulnerabilities, including a critical-severity account takeover (CVE-2026-55666), and a token replay attack (CVE-2026-55759).
1
3
9
1,547
Each review ran in ~1-2 minutes, with accurate codebase and threat model context. As @juliocfa_, Director of Security at @RocketChat put it: "False positives become less frequent, improving accuracy and cutting the time spent triaging non-issues." hacktron.ai/customer-stories…
1
272
Almost every vulnerability we have exploited started as a pull request someone approved. That means your pull requests are not just code review events. They are security events too. Think about an open source project. A scanner finds a vulnerability and posts it right there as a public comment on the pull request: the full title, the description, the exact file and line. Great for the maintainer who has to fix it, but it’s also great for any hacker lurking around. The bug has been published before even closing it. So on public repos, Hacktron handles security issues differently. For findings outside the code a PR actually touched, the public comment shows only a link to view the details within the Hacktron platform. The real details stay private, visible to only the maintainers. Private and internal repos show full details as normal.
1
2
7
1,307
Hacktron x @krispHQ Krisp is deployed on 200M devices, processes 80 billion minutes of voice conversations every month, and powers Discord's built-in AI noise suppression. At that scale, security is not just an internal priority. It is critical to Krisp and the customers who rely on them. Like many security teams, Krisp relied on traditional SAST tools, but high alert volumes and false positives made it difficult to separate real risk from noise. As engineering teams began using AI to ship software faster, Krisp needed a way to catch meaningful vulnerabilities earlier in the development process without slowing developers down or changing how teams work. Learn why Krisp partnered with Hacktron to bring an AI-native security workflow to their SDLC. Link below👇
1
3
14
4,017
Hacktron AI reposted
Security only the branch of a willow tree could conjure. That's what you get when you work with a team obsessed with one thing: making security something you no longer have to obsess over. Not because security matters less, but because the real issues get surfaced automatically, without the false positives that come with them.
1
4
1,103
🚨 NPM supply chain alert  🚨 There is an active compromise affecting Immobiliare packages. Check your dependency tree, remove affected packages, and rotate any secrets exposed in affected environments. github.com/immobiliare/backs…
1
3
14
1,762
Hacktron AI reposted
Anchor is secured by @HacktronAI Thanks to their open source program, all PRs get 24/7 coverage for security issues
5
8
40
7,215
Hacktron AI reposted
New blog: We show how a resurrected H2 INIT allows RCE into Metabase Cloud and taking over any tenant! Read the full write-up: hacktron.ai/blog/metabase-cl…
1
24
92
16,817
Hacktron AI reposted
use the HacktronAI/dependency-scan GitHub action to check your dependencies against known malware & supply-chain compromises. this is the beginning of a broader effort! DMs open for feedback. github.com/hacktronai/depend…
4
16
1,726
Hacktron AI reposted
PSA: when you wake up, reach for your phone immediately. Do NOT scroll Instagram reels. Send a good morning message. Not to your girlfriend, to Claude. That way, you can start the clock for your 5 hour Claude Code usage limit while you freshen up and head to the office. At noon, the 5 hour window would have passed and the usage limit would reset. Then you can generate more shareholder value.
232
907
20,238
1,087,898
Hacktron AI reposted
internet breaking? news.ycombinator.com/item?id…
4
34
6,111
Introducing the Hacktron MCP. Give Claude Code, Codex, or Cursor a PR URL. With the Hacktron MCP, it will fetch the relevant security findings, write the fixes, and update Hacktron when the issue is resolved. All done before your coffee gets cold.
3
25
5,597
Hacktron AI reposted
RCE in Warp Terminal! I believe the attack surface is broadening with every new tool you use. Every OAuth app you authorise with elevated scopes.. we'd see more breaches via targeting tools/SaaS.. the attack surface is everyone and everything now - hacktron.ai/blog/the-attack-…
1
13
47
3,805