Ostorlab
The App Was Never Opened
Agentic harnesses change what an LLM can do in mobile app security testing. On its own, a model can name likely risks such as insecure storage, exposed secrets, risky permissions, vulnerable SDKs, backend issues, and privacy exposure, but the app may remain untouched. With the right tools, context, memory, prompts, execution loops, and runtime feedback around it, the model can inspect the app package, observe behavior, follow traffic, connect signals, and leave behind evidence a security team can review. From permission analysis to JEF-powered native exploitation, the difference is visible in the trace: app evidence, tool output, runtime proof, and reproducible steps instead of report-shaped text.
Thu 25 June 2026
Introducing Ostorlab App Vetting for the Agentic Era
Ostorlab has launched App Vetting, a mobile application risk assessment solution that helps teams...
Tue 16 June 2026
Announcing Ostorlab for Harness: Mobile Security Scanning in CI Pipelines
Ostorlab now integrates with Harness CI to run automated mobile application security scans inside...
Mon 06 April 2026
Announcing Ostorlab for Bitrise: Mobile security scans in your CI
Ostorlab now integrates with Bitrise to run automated mobile application security scans inside CI...
Fri 27 March 2026
Ostorlab 2025 Year in Review
2025 marked the turning point where AI in cybersecurity graduated from experimental prototypes to production-grade engines. In this retrospective, we explore how Ostorlab’s new AI Pentest Engine and AI Monkey Tester are already uncovering critical vulnerabilities in the wild, including a complex arbitrary file read chain in Signal for Android. From mapping global banking risks to orchestrating scans with OXO Titan, dive into the year we redefined what automated security testing can actually do.
Scan, Sync, Remediate: Ostorlab Meets Vanta for Faster Audits
This article announces the new integration between Ostorlab and Vanta, explains how it works, outlines the setup process, and highlights the key benefits for security and compliance teams.
Latest posts
Threat Center v2: Staying Ahead of Vulnerabilities
The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.
Thu 10 October 2024
Test Credential Name
The latest update introduces the addition of a "test credential name" feature, allowing users to label test credentials for easier identification and management.
Mon 19 February 2024
2023 in review
As 2023 has concluded, it's time to reflect and prepare for an optimistic 2024.
Wed 10 January 2024
Introduction of a comprehensive audit logging system
Introducing a comprehensive audit logging system including user logins, data modifications, configuration changes, and more.
Mon 20 November 2023
Ostorlab's Victory at the Swiss Cyber defence Security Challenge 2023
Ostorlab clinches the top spot in the Swiss Cyber defense Security Challenge, showcasing their commitment to advancing application security automation.
Fri 10 November 2023
GodFather Android Malware Analysis
In This article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information for the users.
Fri 14 April 2023
Fix it! at Ostorlab
Ostorlab's Fix it! practice is one of our most successful engineering practices helping us eradicate bugs and kill technical debt.
Sun 19 February 2023
New Dashboard, Better Insights
As a reflection of the many new capabilities and changes we have made, we have released a new dashboard providing better insights into an organization's security posture.
Thu 20 October 2022
Changelog
View all changesTest Credential Name
Mon 19 February 2024
Introduction of a comprehensive audit logging system
Mon 20 November 2023