Ostorlab Team

Articles by Ostorlab Team

This release introduces App Vetting, Scan Coverage Heatmap, Mobile Shielding Scan, Deep Agentic Scan improvements, Cyber Models, additional model support, and source code scanning.

Product

Single Vulnerability Assessment (SVA), Dig Deeper, Scan Report PDF Design Improvement & Multilanguage Support

This release introduces Single Vulnerability Assessment (SVA) for targeted validation, Dig Deeper...

Mon 01 June 2026

Product

Deep Agentic Scan (BYOK), New CI Integrations, Scan Filters & Performance

This release highlights Agentic Deep Scan with BYOK (Bring Your Own AI Key), adds Harness + Bitri...

Fri 27 March 2026

Product

Ostorlab Launches Agentic Deep Scan: The next-generation vulnerability scanner

Ostorlab has launched Agentic Deep Scan, a next-generation vulnerability scanner that validates r...

Thu 19 March 2026

An AI-assisted analysis uncovered a 30-year-old uninitialized buffer vulnerability in glibc's _nss_dns_getnetbyaddr_r function. This case study details how a zero-input edge case bypasses loop logic, causing the library to transmit raw stack memory to external DNS servers, and benchmarks how various AI models succeeded in identifying this subtle logic error where human review failed.

This release delivers major advancements across the Ostorlab platform, including a significant upgrade to AI Pentest, enhanced web and mobile automation, a full-featured ServiceNow integration, redesigned email notifications, improved threat intelligence capabilities, and comprehensive access control enhancements with role and owner-based permissions.

Latest posts

Ostorlab AI Pentest Engine: How it Works

Technical deep dive into Ostorlab AI Pentest Engine inner working, from threat intelligence, risk identification, mobile support to vulnerability validation.

Mon 27 October 2025

Going Beyond: Ostorlab AI Engine Discovers Unknown Vulnerability Classes

Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.

Mon 13 October 2025

Mobile Benchmarking, Monkey Tester Reliability, and Deeper Web Crawling

This release introduces newly developed insecure mobile apps, improves the Monkey Tester for reliable prompt-based input during dynamic scans, and enhances the web crawler to explore deeper routes with faster performance. These improvements boost scanning coverage, accuracy, and reliability

Tue 23 September 2025

Introducing Ostorlab Security Testing Benchmarks: Real Vulnerabilities, Real Impact

The first open-source benchmark suite featuring 93 realistic vulnerable mobile apps that mirror actual CVE and bug bounty findings - not theoretical textbook examples.

Mon 22 September 2025

Banking Report 2025: Security at the Core of Mobile Finance

Large-scale security analysis of 500+ top mobile banking apps reveals widespread vulnerabilities, decade-old codebases, and concerning backend centralization patterns.

Mon 15 September 2025

Automating Security Research: AI Engine Exploits Complex Blind Code Injection

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler and proves exfiltration without a single stack trace.

Thu 04 September 2025

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.

Sun 31 August 2025

Automating Security Research: AI Engine Exploits GCP Service Account Secret

This article presents a thorough, hands-on analysis and real-world exploitation of a hardcoded GCP service account with overprivileged Pub/Sub access discovered in a HackerOne mobile app. It details how Ostorlab’s AI-powered pentesting engine automated the full cycle—from authentication and permission enumeration to end-to-end message injection/interception—enabling remediation within four days.

Thu 28 August 2025


Previous
1 of 11