| ▲ | VulnHunter: Capital One's agentic AI code security tool(capitalone.com) | ||||||||||||||||||||||
| 25 points by medina 3 hours ago | 14 comments | |||||||||||||||||||||||
| ▲ | _pdp_ 18 minutes ago | parent | next [-] | ||||||||||||||||||||||
IMHO these type of projects are not tools per-se but methodologies. I think this is a better framing since that's exactly what they are - a bunch of markdown files that describe in general terms how to perform an assessment aligned to some principles. Btw, these type of methodologies are used all the time. Practically every security consultancy has them so adding them to an LLM makes a lot of sense. | |||||||||||||||||||||||
| ▲ | ph3t 2 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
All these security/vulnerability scanning harnesses look more or less the same. Not sure what’s the point of bragging or publishing about them anymore, there’s no moat | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | mkagenius an hour ago | parent | prev | next [-] | ||||||||||||||||||||||
If there is a pentester here who uses mitmproxy, the security skills below (distilled from 4000 h1 disclosures) might help -https://github.com/instavm/security-skills this is just a side project though for me | |||||||||||||||||||||||
| ▲ | liampulles 42 minutes ago | parent | prev | next [-] | ||||||||||||||||||||||
Wasn't Capital One founded on the premise of massive-scale market and product experimentation? Makes sense that they would design tools that match that approach. | |||||||||||||||||||||||
| ▲ | _joel an hour ago | parent | prev | next [-] | ||||||||||||||||||||||
Why does this feel like an exec trying to justify token spend? | |||||||||||||||||||||||
| ▲ | xur17 an hour ago | parent | prev | next [-] | ||||||||||||||||||||||
> If you intend to use VulnHunter on Anthropic's first-party platforms (Claude API / Claude Code), we strongly recommend enrolling first via the verification portal. Has anyone actually had success with this? I applied for my company several weeks ago, and never heard back. | |||||||||||||||||||||||
| |||||||||||||||||||||||
| ▲ | jp0001 an hour ago | parent | prev | next [-] | ||||||||||||||||||||||
This is a sad. Makes me want to move my bank accounts. | |||||||||||||||||||||||
| ▲ | medina 3 hours ago | parent | prev | next [-] | ||||||||||||||||||||||
VulnHunter: Capital One’s open-source, agentic AI code security tool. | |||||||||||||||||||||||
| ▲ | sbarrofan1 2 hours ago | parent | prev [-] | ||||||||||||||||||||||
Put a wrapper around nessus, stave off a "below strong" rating another six months | |||||||||||||||||||||||
| |||||||||||||||||||||||