Writings from Tenzai researchers on autonomous offense and hard security vulnerabilities.

News
July 1, 2026

Tenzai Hits #1 on HackerOne - In Under 90 Days

We gave the Tenzai AI hacker a HackerOne account and let it run. In under 90 days — our first full quarter on the platform — it reached #1 among all AI security companies, with findings ranging from a new CVE to a one-click RCE chain to database access covering trillions of records. Here's what it found, and what we learned.

Read More →
Tenzai Trenches
June 4, 2026

The Generalist Advantage in Agentic Pentesting

A real-life Tenzai agentic pentesting case study: From open registration to RCE on Oracle infrastructure via AI agent IDOR, SSH override, and cross-domain chain - six domains, one run.

Read More →
News
June 1, 2026

Tenzai Launches AI Application Testing, Chaining Vulnerabilities Across Web, API, and AI Surfaces

The Tenzai AI hacker expands to AI apps. Testing these applications well means treating the AI surface and the classic web surface as one connected target, since the findings that matter are almost always chains.

Read More →
Research
May 7, 2026

One Endpoint. Zero Credentials. Eight Confirmed Vulnerabilities.

Our AI Hacker found this, fixed it, and then (bragged) wrote about it: one endpoint, leaking tech stack info, whispering all its secrets to anyone who knew how to listen!

Read More →
Research
April 15, 2026

Mythos Preview: What Every CISO Should Do Now

The change happening in offensive security right now is not just speed; it's capability. Here's Tenzai's guide for CISOs and their teams, sequenced deliberately, to keep up with AI-driven attackers.

Read More →
Tenzai Trenches
March 17, 2026

Inside the Top 1%: Engineering Tenzai’s AI Hacker to Compete with Elite Humans

Across six platforms, Tenzai's AI hacker achieved scores placing it within the top 1% of participants, outperforming more than 125,000 human competitors.

Read More →
Tenzai Trenches
February 23, 2026

Test In Prod Or Live A Lie

Bottom line: You cannot secure modern applications by reviewing code alone.

Read More →
Tenzai Trenches
February 10, 2026

When “We Already Passed the Pentest” Isn’t Enough

Internal applications are dangerous precisely because they’re trusted by default. Even strong security programs have blind spots - and AI changes what’s possible to see.

Read More →
Research
January 13, 2026

Bad Vibes: Comparing the Secure Coding Capabilities of Popular Coding Agents

A security benchmark of popular AI coding agents—Cursor, Claude Code, Codex, Replit, and Devin—found 69 vulnerabilities across 15 apps. Every agent shipped vulnerable code: broken auth, SSRF, missing controls, and more. Here’s what broke—and why it matters.

Read More →
Get a demo

See Tenzai in action! Leave us your details and we'll get back to you.