The App Was Never Opened
Agentic harnesses change what an LLM can do in mobile app security testing. On its own, a model can name likely risks such as insecure storage, exposed secrets, risky permissions, vulnerable SDKs, backend issues, and privacy exposure, but the app may remain untouched. With the right tools, context, memory, prompts, execution loops, and runtime feedback around it, the model can inspect the app package, observe behavior, follow traffic, connect signals, and leave behind evidence a security team can review. From permission analysis to JEF-powered native exploitation, the difference is visible in the trace: app evidence, tool output, runtime proof, and reproducible steps instead of report-shaped text.
Thu 25 June 2026
Introducing Ostorlab App Vetting for the Agentic Era
Ostorlab has launched App Vetting, a mobile application risk assessment solution that helps teams...
Tue 16 June 2026
Building an AI PR Reviewer Engineers Actually Trust
We built an AI-powered pull request reviewer, shut it down after hallucinations and false positiv...
Mon 08 June 2026
DORA Compliance Checklist for Banking & Fintech: Audit-Ready Operational Resilience Validation
A DORA compliance checklist helps banking and fintech organizations evaluate operational resilien...
Wed 29 April 2026
Mobile Banking Security Testing: Protecting Financial Apps, Data, and Transactions
Protecting mobile banking apps requires more than securing the client alone. This guide explores the risks across devices, networks, and backend systems, and explains why continuous mobile security testing is essential for protecting financial data and transactions.
Announcing Ostorlab for Harness: Mobile Security Scanning in CI Pipelines
Ostorlab now integrates with Harness CI to run automated mobile application security scans inside CI pipelines. Using Harness Secrets and a simple Run step, teams can install the Ostorlab CLI and run ostorlab ci-scan run against the same build artifacts produced by the pipeline (e.g., Android APK, Android AAB, or iOS IPA). The integration helps bring security into CI by improving feedback speed and catching vulnerabilities earlier, with options to tailor scans via profiles (fast, full) and optional inputs like test credentials, SBOM, and UI prompts.
Latest posts
How to Automate Security Testing Behind Login Walls (2FA & MFA)
Modern applications are more secure than ever, but that security introduces a major challenge. With the widespread adoption of Two-Factor Authentication (2FA) and Multi-Factor Authentication (MFA), automated security testing often stops at the login stage. As a result, automated testing often fails to reach the parts of the application where real user activity and risk exist.
Mon 30 March 2026