Strix is an open-source AI hacking agent that finds real security vulnerabilities, validates them with PoCs, and generates detailed reports. Used by top security teams, bug bounty hunters & auditors to automate penetration testing in hours instead of weeks.

Strix
🔗 GitHub: https://github.com/usestrix/strix
👋 Hey Product Hunt - I’m Allam, creator of Strix.
Strix is an open-source AI penetration testing agent. It finds real vulnerabilities in real apps, validates them, and generates detailed reports with PoCs.
We launched just a month ago, and since then Strix has grown to ~2,000 GitHub stars ⭐ and ~8,000 downloads 🚀.
It’s already being used by:
- Security engineers at Fortune 500s
- Top 1% bug bounty hunters on HackerOne
- Top auditing & compliance firms
Strix has uncovered hundreds of critical vulnerabilities in production systems and open-source projects.
Why we built it 👉 We believe security should be open, accessible, and trusted - not locked behind closed tools for only the biggest enterprises.
🎯 You can use it to:
- Detect and validate critical vulnerabilities in your applications.
- Get penetration tests done in hours, not weeks, with compliance reports.
- Automate bug bounty research and generate PoCs for faster reporting.
- Run tests in CI/CD to block vulnerabilities before reaching production.
Strix is Apache-2.0 licensed, fully open source, and free to try.
We’d love your feedback and ideas on how we can make it even better!
Patio
Really like the idea and that you’ve made it open source. Good luck!
Strix
@julien_rioux
Thanks! Open-sourcing is core to what we’re building—really appreciate the support.
Love it!
From "please fix" to "please break".
Had to be done.
Strix
@ivan_sem
Thanks so much! Really appreciate the support 🙌
Sellkit
Really cool direction. An AI pen-testing agent is ambitious and much needed. If you pull off accurate vulnerability detection + explainability, this could shift how devs secure code. Looking forward to trying it out.
Love the idea! Just tried it out and unfortunately I was not able to get a report yet, because my laptop went to sleep the first time around and the second time I hit my OpenAI limit, so it would be awesome to integrate a resume feature or find a way to break down the testing into smaller chunks.
Would love to see where this goes!