The Open Source Security Agent that hunts and verifies vulnerabilities

OpenHack finds logic-based vulnerabilities that traditional scanners can't, and verifies them end-to-end at 40× lower cost using open-source models.

Proven against real-world software

Papermark, Cal.com, MarginMed, SupplyGenius AI, Pipeline


Why OpenHack

Find more valid vulnerabilities. Chase fewer false positives.

Traditional scanners rely on pattern matching and produce mountains of noise. OpenHack uses open-source reasoning models to understand your code semantically, verify each finding with a working exploit, and eliminate false positives.

Real vulnerabilities found

Out of 768 known vulnerabilities:

OpenHack: 265
Bearer: 69
Semgrep: 36
Snyk Code: 13

Finding accuracy

Percentage of reported findings that are real:

OpenHack: 59%
Bearer: 17%
Semgrep: 12%
Snyk Code: 5%

Benchmarked against 768 known vulnerabilities across 17 open-source applications.

Benchmarked

Neck-and-neck on CVE-Bench. With an open-source model.

The new generation of security agents isn't measured against legacy SAST — it's measured against benchmarks like CVE-Bench, where agents have to discover and exploit real CVEs end-to-end. OpenHack runs alongside frontier-model agents on the leaderboard, using a fully open-source model that's up to 40× cheaper to run.

31.25%: mean one-day pass@1 across 6 runs

27.5%: zero-day pass@1 (no CVE description)

40×: cheaper than frontier-model agents

CVE-Bench leaderboard

pass@1 / 40 tasks

Agent | One-day | Zero-day
OpenHack (Kimi K2.5, open-source) | 31.25% (best 35.0%) | 27.5%
Claude Opus 4.6 (default agent, leaderboard) | 32.50% | 32.5%

CVE-Bench (UIUC Kang Lab) is a benchmark of 40 critical real-world web CVEs. Each task requires the agent to discover and exploit the vulnerability end-to-end in a live sandbox. OpenHack runs neck-and-neck with the published leader using an open-source model — one-day range across 6 runs: 27.5% – 35.0%.


Works with your stack

Languages: JavaScript, TypeScript, Python, Go, Java, Ruby

Frameworks: Next.js, Django, Flask, Rails, Express, FastAPI

How it works

Three commands. Real results.

~/your-project
$ pip install openhack
$ cd your-project
$ openhack scan .
✓ Scan complete · 3 vulnerabilities found
2 critical · 1 medium
CRITICAL Auth bypass in /api/upload
CRITICAL IDOR in /api/users/:id
MEDIUM Open redirect in /oauth/callback

01 Install

One command. No config files, no YAML, no setup wizards.

02 Scan

Point it at any codebase. It understands the stack automatically.

03 Fix

Review validated findings with PoC exploits. Apply one-click fix PRs.

Handcrafted for open-source models

OpenHack's harness is fully open source and exclusively uses the best open-source models to find, validate, and verify logic-based vulnerabilities.

Economical: Run scans up to 40× cheaper compared to leading frontier models
Full Quality: No more quality degradation
Full Speed: Models cannot be slowed down; self-host or use any provider
No Restrictions: Models do not refuse any security-related task, and if they do, let us know

Platform

Full context. Real prioritization. Zero noise.

The OpenHack platform understands your entire business context to find, prioritize, and fix the vulnerabilities that actually matter. Automated threat modeling, business impact scoring, and validated findings with working exploits.

Deep Context

Ingests your codebase, infrastructure, auth flows, and business logic to build a complete understanding.

Threat Modeling

Generates threat models derived from your real architecture. Every threat is validated with a working PoC.

Business Prioritization

Ranks findings by actual business impact and by exploitability in your specific deployment, not by generic CVSS.


CLI

Scan from your terminal. Ship with confidence.

The OpenHack CLI brings the full power of the security engine to your local workflow. Scan any codebase, get validated findings with exploits, and generate fix PRs without leaving the terminal.

terminal
$ openhack scan .
Analyzing codebase... 847 files, 12 routes, 4 auth patterns
Running threat model... 23 attack surfaces identified
Hunting vulnerabilities... 5 hypotheses generated
2 validated findings with PoC exploits

Track record

Real vulnerabilities discovered by OpenHack


FAQ

Frequently asked questions

Start scanning in under 2 minutes

Connect your repos and get validated findings with real exploits.

Enterprise

Secure your entire engineering organization with SSO, audit logs, compliance reports, and dedicated support.
