A few weeks before I watched a small team of Artificial intelligence Agents spend about 10 minutes trying to hack into my completely new Vibe-encoded website.
The AI agents, developed by Startup Runsybil, worked together to probe my poor website to identify weak spots. An orchestral agent, called Sybil, controls several more special agents all powered by a combination of custom language models and off-shelf APIs.
While conventional vulnerability scanners probe for specific known problems, Sybil is capable of working at a higher level, using artificial intuition to calculate weaknesses. For example, for example, it could be thought that a guest -user has a privileged approach – something that a regular scanner could miss – and use this to build an attack.
Ariel Herbert-Voss, general manager and co-founder of Runsybil, says that AI Models are likely to revolutionize both offensive and defensive cybersecurity. “I would argue that we are definitely in the cushion of a technological explosion regarding skills that both bad and good actors can take advantage of,” Herbert-Voss told me. “Our mission is to build the next generation of offensive security testing just to help everyone continue.”
The website intended by Sybil was one that I created recently using Claude Code to help me order with new AI -research articles. The site I call Arxiv slurper consists of a backend server that accesses the arxiv-where most AI -Research is posted– With a few other resources, combining with paper abstracts for words like “novel”, “first”, “surprising” as well as some technical terms that I am interested in. It’s a job in progress, but I impressed how easy it was to put something useful as possible, even if I had to fix some mistakes and tuning problems with hand.
A key problem with this kind of VIB-coded website, however, is that it is difficult to know what security vulnerabilities you may have introduced. So when I talked to Herbert-Voss about Sybil, I decided to ask if it could test my new weakness website. Fortunately, and just because my site is so incredibly basic, Sybil has not found vulnerabilities.
Herbert-Voss says most vulnerabilities tend to be the result of more complex functions such as forms, plugins and cryptographic features. We watched as the same agents tried to probe Latest web trade website with known vulnerabilities owned by Herbert-Voss. Sybil has built a map of the application and how it is accessed, probe for weak spots by manipulating parameters and trial edge cases, and then chained together findings, testing of hypotheses and climbing until it breaks something significant. In this case, it identified ways to hack the site. Unlike a man, Herbert-Voss says that Sybil arranges thousands of these processes in parallel, does not miss details and does not stop. “The result is something that behaves as an experienced attacker, but works with machine precision and scale,” he says.
“AI-powered pen testing is a promising direction that can have significant benefits to defend systems,” says Lujo Bauer, a computer scientist from Carnegie Mellon University (CMU), who specializes in AI and computer security. Recently Bauer co -authored Study with others by CMU and an AI researcher of AI company, which explores the promise of AI -Penetrating testing. The researchers found that the most advanced business models cannot perform online attacks, but developed a system that set high -level goals such as scanning a network or infect host, which enabled them to perform piercing tests.
