Strix is a fully open-source penetration testing agent. It finds real vulnerabilities in real apps, validates them, and generates detailed reports with PoCs.
Recently, companies like XBOW and others have claimed to build “the best AI hacking agents.” But so far, none are open, transparent, or usable - mostly marketing, benchmarks, and waitlists.
We launched Strix just a month ago. Since then, it’s grown to ~2,000 stars on GitHub and ~8,000 downloads.
Today, Strix is already being used by security engineers at Fortune 500s, top 1% bug bounty hunters on HackerOne, and major auditing/compliance firms - finding hundreds of critical vulnerabilities in production systems and OSS projects.
We built Strix because we believe security should be open, accessible, and trusted - not hidden behind closed tools for only the biggest enterprises.
We’re excited to offer an open framework that lets anyone automate their pentesting in hours rather than weeks, enabling continuous security testing instead of once-a-year, point-in-time audits.
In the last few weeks, we shipped updates that added more capabilities to the agents, support for local models, and other major improvements.
Strix is Apache-2.0 licensed and fully open source.
We’d love to hear the HN community’s thoughts!