Credited systems in the public record.
These profiles track AI agents, autonomous security platforms, and governance layers that appear in public vulnerability-discovery evidence. This is not a model leaderboard.
Claude Mythos Preview
Anthropic's restricted cyber-capable frontier model, publicly tied to FreeBSD RCE, Firefox 150 hardening, and Project Glasswing.
- Indexed entries3
- CVE IDs tracked13
- Critical/high entries3
Google Big Sleep
The first public AI vulnerability-research agent with accepted real-world findings across SQLite, Chrome V8, and Apple WebKit.
- Indexed entries6
- CVE IDs tracked10
- Critical/high entries5
Microsoft MDASH
Microsoft's multi-model agentic scanning harness, credited by Microsoft with 16 public CVEs across Windows networking and authentication code.
- Indexed entries1
- CVE IDs tracked16
- Critical/high entries1
AISLE
An autonomous security analyzer with a sustained OpenSSL disclosure record and a FreeBSD core advisory batch spanning dhclient RCE, dhclient memory corruption, and libnv stack corruption.
- Indexed entries2
- CVE IDs tracked23
- Critical/high entries2
Claude / Anthropic Research
Public Claude-assisted disclosure credits outside the Mythos-only record, including Firefox, FreeBSD follow-ups, NGINX, wolfSSL, and Apache ActiveMQ.
- Indexed entries4
- CVE IDs tracked40
- Critical/high entries4
Xint Code
The AI-assisted vulnerability research system credited in CopyFail, with a broader public tracker spanning CVE-backed and embargoed findings.
Xint public bug tracker 50 Xint tracker findings
- Indexed entries2
- CVE IDs tracked8
- Critical/high entries2
BynarIO AI
Bynario's AI-driven vulnerability-research pipeline, with direct Apple and Linux upstream credits across binary analysis, kernel discovery, validation, and patching.
- Indexed entries3
- CVE IDs tracked3
- Critical/high entries2
V12
Zellic's agentic security platform, now publicly tied to Fragnesia, CVE-2026-46300, a Linux kernel page-cache local privilege escalation.
- Indexed entries1
- CVE IDs tracked1
- Critical/high entries1
DepthFirst
DepthFirst's autonomous low-level-code analysis platform, publicly tied to the NGINX Rift CVE cluster.
- Indexed entries1
- CVE IDs tracked4
- Critical/high entries1
Striga AI
Striga's AI-based source-code auditing platform, with public CVE credits and research write-ups across Apache httpd, Tomcat, Ollama, axios, and Mattermost Desktop.
- Indexed entries1
- CVE IDs tracked1
- Critical/high entries1
ZeroPath AI SAST
ZeroPath's AI-native SAST and security-research workflow, with public CVE-backed and upstream-patched findings across ProFTPD, Spinnaker, better-auth, FFmpeg, sudo, and other open-source projects.
- Indexed entries6
- CVE IDs tracked5
- Critical/high entries6
XBOW
An autonomous AI-driven penetration-testing platform with public bug-bounty milestones and self-reported Microsoft critical RCE credits.
- Indexed entries3
- CVE IDs tracked3
- Critical/high entries3
Palo Alto frontier AI scan
Palo Alto Networks' May 2026 frontier-model scan wave, reported as 26 CVEs across more than 130 products, with exact per-CVE model attribution unpublished.
- Indexed entries1
- CVE IDs tracked26
- Critical/high entries1
Google OSS-Fuzz AI
LLM-enhanced fuzz-target generation and triage inside Google's OSS-Fuzz ecosystem.
- Indexed entries1
- CVE IDs tracked1
- Critical/high entries0
Microsoft Security Copilot
Microsoft's AI security assistant, publicly tied to a GRUB2, U-Boot, and Barebox bootloader vulnerability campaign.
- Indexed entries1
- CVE IDs tracked20
- Critical/high entries1
OpenAI Aardvark / Codex Security
OpenAI's agentic security researcher, now surfaced as Codex Security with public OSS CVE examples.
- Indexed entries1
- CVE IDs tracked14
- Critical/high entries1
HackerOne Hackbots
The policy layer around AI-assisted vulnerability discovery: human-in-the-loop rules, accountable operators, and bounty eligibility.
- Indexed entries0
- CVE IDs tracked0
- Critical/high entries0