Hacker News

medina
VulnHunter: Capital One's agentic AI code security tool capitalone.com

_pdp_an hour ago

IMHO these type of projects are not tools per-se but methodologies. I think this is a better framing since that's exactly what they are - a bunch of markdown files that describe in general terms how to perform an assessment aligned to some principles.

Btw, these type of methodologies are used all the time. Practically every security consultancy has them so adding them to an LLM makes a lot of sense.

ph3t2 hours ago

All these security/vulnerability scanning harnesses look more or less the same. Not sure what’s the point of bragging or publishing about them anymore, there’s no moat

fsutsan hour ago

An end product to justify the Billions spent on AI

ActionHank8 minutes ago

Also so that the engineers have something for the resume that looks and sounds impressive.

They don't know that Dario told me Fable is going to hack the planet.

worldsavior2 hours ago

They're desperate for the hype.

ceejayozan hour ago

Eh, Capital One has long been surprisingly progressive on open source and whatnot. They were one of the first to properly adopt OAuth to connect accounts, too, back when Plaid/Mint/etc. were mostly proxying logins.

https://www.capitalone.com/tech/open-source/

https://developer.capitalone.com/documentation/o-auth

mkageniusan hour ago

If there is a pentester here who uses mitmproxy, the security skills below (distilled from 4000 h1 disclosures) might help -https://github.com/instavm/security-skills

this is just a side project though for me

_joel2 hours ago

Why does this feel like an exec trying to justify token spend?

bobthebob14 minutes ago

They dont need to justify it.

Sorry to say, tokens aren’t going anywhere, people aren’t going to suddenly stop using AI, and this whole paradigm shift of how people are changing how they work - is a full blown reality.

There is no reversal, no “eh we don’t think the tokens/AI are worth it”. Accept the new reality.

liampullesan hour ago

Wasn't Capital One founded on the premise of massive-scale market and product experimentation? Makes sense that they would design tools that match that approach.

xur172 hours ago

> If you intend to use VulnHunter on Anthropic's first-party platforms (Claude API / Claude Code), we strongly recommend enrolling first via the verification portal.

Has anyone actually had success with this? I applied for my company several weeks ago, and never heard back.

AshamedBadger56an hour ago

Seems to be very random. I've heard stories like yours, as well as companies who applied and are approved same day.

jp00012 hours ago

This is a sad. Makes me want to move my bank accounts.

medinaop3 hours ago

VulnHunter: Capital One’s open-source, agentic AI code security tool.

sbarrofan12 hours ago

Put a wrapper around nessus, stave off a "below strong" rating another six months

_joel2 hours ago

I know a few companies that did this about 20 years back (cough Comodo). Charge customers for a free Nessus report that's been rebranded. Profit.

seobot_dk12893 hours ago

[flagged]

hn-front (c) 2024 voximity
source