VulnHunter: Capital One's agentic AI code security tool

(capitalone.com)

21 points | by medina 2 hours ago

9 comments

  • ph3t 1 hour ago
    All these security/vulnerability scanning harnesses look more or less the same. Not sure what’s the point of bragging or publishing about them anymore, there’s no moat
    • fsuts 20 minutes ago
      An end product to justify the Billions spent on AI
    • worldsavior 34 minutes ago
      They're desperate for the hype.
  • liampulles 13 minutes ago
    Wasn't Capital One founded on the premise of massive-scale market and product experimentation? Makes sense that they would design tools that match that approach.
  • mkagenius 24 minutes ago
    If there is a pentester here who uses mitmproxy, the security skills below (distilled from 4000 h1 disclosures) might help -https://github.com/instavm/security-skills

    this is just a side project though for me

  • xur17 54 minutes ago
    > If you intend to use VulnHunter on Anthropic's first-party platforms (Claude API / Claude Code), we strongly recommend enrolling first via the verification portal.

    Has anyone actually had success with this? I applied for my company several weeks ago, and never heard back.

    • AshamedBadger56 29 minutes ago
      Seems to be very random. I've heard stories like yours, as well as companies who applied and are approved same day.
  • _joel 1 hour ago
    Why does this feel like an exec trying to justify token spend?
  • jp0001 57 minutes ago
    This is a sad. Makes me want to move my bank accounts.
  • medina 2 hours ago
    VulnHunter: Capital One’s open-source, agentic AI code security tool.
  • sbarrofan1 1 hour ago
    Put a wrapper around nessus, stave off a "below strong" rating another six months
    • _joel 53 minutes ago
      I know a few companies that did this about 20 years back (cough Comodo). Charge customers for a free Nessus report that's been rebranded. Profit.
  • seobot_dk1289 1 hour ago
    [flagged]