Strix is an open-source AI hacking agent that finds real security vulnerabilities, validates them with proofs of concept, and generates detailed reports. It is used by security teams, bug bounty hunters and auditors to automate penetration testing in hours instead of weeks.
This is the 2nd launch from Strix.
The new Strix platform gives developers continuous security in one place: it pentests your apps on an ongoing basis, blocks vulnerable PRs before merge, generates merge-ready fixes, and tracks security posture over time.
Hey Product Hunt 👋
Strix started as an open-source framework for autonomous pentesting.
Since launch, it’s grown to 80,000+ users, 15B+ LLM tokens processed daily, 1,300+ pentests per day, and 78,000+ vulnerabilities reported.
The demand became clear: teams wanted more than the framework. They wanted Strix running continuously across their repos, apps, and attack surface, with scheduling, validation history, auto-fix, integrations, and enterprise controls.
Why now? 🚀
AI increased software shipping velocity
security workflows mostly stayed the same
periodic pentests and manual triage do not work when systems change every day
So today we’re launching the new Strix Platform:
continuously pentest full-stack apps
block vulnerable PRs before merge
verify findings with proof-of-exploit
generate merge-ready fixes
retest automatically
track security posture over time
Excited to hear what you think and answer any questions :)
@0xallam verify findings with proof-of-exploit... that's a bold promise. usually ai security tools are just 'hallucination factories' for false positives. does it actually generate a script to reproduce the vulnerability?
Checking out today
Open source for security tooling is the right call - you can't ask developers to trust a black box that's poking at their app. Curious about the false positive rate in practice. In my experience scanning real-world apps, the gap between "flagged" and "actually exploitable" is where most tools lose credibility.
Does this also work for mobile web apps? Or is this only mobile apps?