
OpenHack: AI Just Became Every Hacker’s Co-Pilot

The offensive security community has spent the last two years debating whether AI can truly find vulnerabilities — or whether it just sounds convincing while hallucinating CVEs that don’t exist. Hadrian just answered that debate by open-sourcing the methodology behind hundreds of real vulnerability discoveries, including critical-severity flaws in software running inside Dutch government agencies.

OpenHack, released May 20, 2026 under the MIT License, is not a scanner. It is not a plugin. It is an autonomous multi-agent workflow that mimics how a seasoned security researcher thinks through code — surface by surface, hypothesis by hypothesis — and it runs natively inside Claude Code, OpenAI Codex, and Cursor.

This is the moment AI vulnerability research stops being a research curiosity and becomes a commodity.

What OpenHack Actually Is

Strip away the marketing language and OpenHack is a file-based state machine that orchestrates a chain of specialized AI agents through a disciplined vulnerability research workflow. Every phase produces a durable artifact on disk — cloned source, recon items, scenario prompts, scenario results, finding candidates, triage decisions, findings, and logs. Nothing lives only in memory. Nothing gets lost between sessions.

The architecture is deliberate. The coding harness — Claude Code, Codex, or Cursor — supplies model execution, terminal access, and repository access. OpenHack supplies the research discipline: the order of operations, the state transitions, the scenario routing logic, and the expert knowledge encoded in twelve Markdown manifests.

A human operator sits at every phase gate. Expert scope must be approved before reconnaissance begins. Scenario routing decisions require approval after recon. The scenario backlog gets human sign-off before expert agents go to work. The finding-triage backlog gets reviewed before candidates become final findings. This is not AI running loose — it is AI doing the heavy cognitive lifting with a human controlling every meaningful decision boundary.

The Workflow: Recon to Finding

The research chain runs in five stages, each producing durable output that feeds the next.

Recon agents go first. They discover every meaningful attack surface in the target codebase — routes, sinks, authentication boundaries, file upload paths, parser entrypoints, manifest files, and admin interfaces. This is the surface mapping phase, and it produces a structured list of recon items that the next agent uses as raw material.

The scenario router takes those recon items and converts them into scoped research scenarios. Each scenario is a focused hypothesis about a potential vulnerability class at a specific surface. The router does not try to prove anything — it produces a backlog of candidate investigation paths and hands them to the expert agents.

Expert agents run each scenario independently. They attempt to prove or reject the vulnerability hypothesis through code analysis, tracing execution paths, checking boundary conditions, and evaluating trust assumptions. A scenario that an expert agent cannot prove does not become a finding candidate.

An independent triage agent reviews verified candidates. It makes the final determination about which candidates become findings, functioning as a second opinion layer that filters false positives before output reaches the human operator.

The durable chain — recon item to routing unit to scenario to scenario result to finding candidate to triage decision — means the workflow can be paused, resumed, audited, and replayed at any point. Every decision is traceable.

The Twelve Expert Families

OpenHack’s expert layer is built around twelve vulnerability families, each defined as a Markdown manifest declaring its identifier, category, ownership model, applicable standards, and routing signals that tell the scenario router when to engage it.

The coverage spans OWASP Top 10:2025 in full — Broken Access Control, Security Misconfiguration, Software Supply Chain Failures, Cryptographic Failures, Injection, Insecure Design, Authentication Failures, and Software and Data Integrity Failures. SSRF is folded into Broken Access Control, matching the OWASP 2025 mapping of CWE-918 to A01:2025 rather than treating it as a standalone category.

Beyond OWASP, the registry adds CWE-119 for memory buffer errors, CWE-200 for sensitive information exposure, CWE-22 and CWE-434 covering path traversal and unrestricted file upload, and API4:2023 for unrestricted resource consumption — a direct nod to the API security problem space that most source-code scanners have historically underserved.

Optional Semgrep enrichment is available during the recon phase. Semgrep hits are treated as routing hints, not findings. Verified vulnerabilities must travel through the full scenario and triage chain regardless of what Semgrep flagged. This is an important design choice — it prevents the tool from laundering static analysis noise as AI-confirmed findings.
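A reviewer can check the durable chain and the Semgrep rule described above mechanically, by walking each finding back to its recon item and confirming that every phase gate has a recorded approver. The Python sketch below is an added example, not code from OpenHack or Hadrian; the record layout, field names, gate names and sample data are assumptions made for illustration.

```python
# Added example. Record kinds follow the chain named in the article; the
# field names ("parent", "verdict", "decision", "approved_by") are hypothetical.
CHAIN = ["recon_item", "routing_unit", "scenario", "scenario_result",
         "finding_candidate", "triage_decision"]
GATES = ["expert_scope", "scenario_routing", "scenario_backlog", "triage_backlog"]


def audit_finding(finding, store, approvals):
    """Return a list of problems; an empty list means fully traceable."""
    problems = [f"gate {g!r} has no recorded approver"
                for g in GATES if not approvals.get(g, {}).get("approved_by")]
    ref = finding.get("triage_decision")
    for kind in reversed(CHAIN):  # walk from triage decision back to recon item
        rec = store.get(kind, {}).get(ref)
        if rec is None:
            problems.append(f"chain broken: no {kind} with id {ref!r}")
            break
        if kind == "triage_decision" and rec.get("decision") != "accept":
            problems.append(f"triage decision {ref} is not 'accept'")
        if kind == "scenario_result" and rec.get("verdict") != "proven":
            problems.append(f"scenario result {ref} is not 'proven'")
        ref = rec.get("parent")
    return problems


# Constructed sample data, not output from a real run.
STORE = {
    "recon_item": {"r1": {"source": "agent", "parent": None},
                   "r2": {"source": "semgrep", "parent": None}},
    "routing_unit": {"u1": {"parent": "r1"}},
    "scenario": {"s1": {"parent": "u1"}},
    "scenario_result": {"sr1": {"parent": "s1", "verdict": "proven"}},
    "finding_candidate": {"c1": {"parent": "sr1"}},
    "triage_decision": {"t1": {"parent": "c1", "decision": "accept"}},
}
APPROVALS = {g: {"approved_by": "operator@example.test"} for g in GATES}
GOOD = {"id": "F-1", "triage_decision": "t1"}
# A Semgrep hit promoted straight to a finding: no triage decision behind it.
LAUNDERED = {"id": "F-2", "triage_decision": "r2"}

if __name__ == "__main__":
    for f in (GOOD, LAUNDERED):
        print(f["id"], audit_finding(f, STORE, APPROVALS) or "traceable")
```

The same walk flags a fork that has dropped the approval gates, because every finding then reports four gates without a recorded approver.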

Why This Changes the Economics

Traditional source code security review has two modes. Automated SAST gives you speed at the cost of false positive volume and shallow analysis. Manual expert review gives you depth at the cost of time and money — a senior application security engineer billing hourly against a 200,000-line codebase is not a scalable model for most organizations.

OpenHack attacks that cost curve from both sides simultaneously. It brings human-level research methodology — surface mapping, hypothesis generation, independent verification, triage — and runs it at machine speed using commodity LLM access that costs a fraction of human reviewer time.

Hadrian’s CEO Rogier Fischer framed the intent precisely: AI-powered vulnerability discovery must move from research curiosity to commodity capability. The open-source release is the mechanism. By publishing the methodology under MIT, Hadrian is not just releasing a tool — they are establishing the workflow pattern that the industry will iterate on.

The other economic shift is accessibility. OpenHack does not require a specialist to operate the AI layer. It requires someone who understands the target codebase and can make meaningful decisions at the phase gates. The expertise requirement moves from “knows how to prompt LLMs for security research” to “understands what the agent is telling you” — a significantly lower bar.

The Mythos Reference and What It Signals

Fischer’s public statement that “security teams don’t need Mythos to find critical vulnerabilities” is not a throwaway line. Mythos is Anthropic’s closed-capability AI security model — purpose-built, access-restricted, positioned as the high end of AI-powered offensive security. The implication from Fischer is direct: OpenHack, running on Claude Code or any other commodity coding harness, can reach into critical vulnerability territory without requiring access to frontier-class restricted tooling.

This is a significant claim. It also validates the broader trajectory that TheCyberThrone has been tracking across the AI security series — the gap between cutting-edge research capability and practitioner-deployable tooling is collapsing faster than the industry expected. Last year, AI-assisted vulnerability research was a lab exercise. This year, it is a GitHub repository with an MIT license.

The Attack Surface Management Lens

From an ASM perspective, OpenHack represents both a capability and a threat model update. On the defensive side, security teams now have an agent-based methodology for continuous whitebox review that scales with codebase size rather than headcount. On the threat side, the same methodology is available to every researcher, bug bounty hunter, and adversary with access to a coding harness.

The human-in-the-loop design is the meaningful guardrail here. OpenHack as released requires an operator at every phase gate — it cannot run end-to-end autonomously without human approval. That design choice reflects genuine operational discipline. It also means the guardrail is a configuration decision, not an architectural constraint. Future forks of the project are not obligated to maintain it.

Organizations that have not already integrated AI-assisted code review into their application security programs now have a reference implementation with proven results. The question is no longer whether AI can find vulnerabilities in your codebase. The question is who finds them first.

Bottom Line

OpenHack does not introduce a new vulnerability class or disclose a specific exploit. What it does is more consequential over the long arc — it codifies, open-sources, and democratizes the research methodology that produced critical findings in government-adjacent software, and it does so in a form that runs on tooling your developers already have open in a terminal window.

The democratization of AI vulnerability discovery is no longer a prediction. It shipped on May 20, 2026, under the MIT License, and it is available on GitHub right now.

Thinking Security! Always.
