We built an AI that does the boring offensive security. Where should the human stay in the loop?

Hey makers 👋

I'm Syef, CEO and co-founder of Xseth, a two-person team building an autonomous recon + triage engine for offensive security. Our users are the people drowning in attack surface and noise: bug bounty hunters, MSPs, and MSSPs.

The honest pitch: most of offensive security isn't the clever exploit; it's the hours of mapping attack surface, chasing dead ends, and triaging scanner noise. We're automating that part so humans spend their time on the findings that actually matter.

We're pre-seed and heads-down, but I'd rather build in the open than in a vacuum. A few things I genuinely want this room's take on:

🔹 For the security folks: what's the one recon/triage task you'd hand off to a machine tomorrow without losing sleep, and the one you'd never trust to automation?

🔹 For fellow founders: we're holding ourselves to a "First Blood" milestone (one deterministically validated vuln on a live authorized program) before we open funding conversations. Smart line in the sand, or over-engineering the proof?

🔹 Open question: where does "autonomous" stop being a feature and start being a liability in security tooling?

Drop a comment. I'll reply to every one and share what we learn along the way. Roast the idea, poke holes, or tell me we're solving a problem you don't have. All useful. 🙏
