Run a fleet of bug hunters on your infrastructure and apps (github.com)

🤖 AI Summary
IndieSecurity has launched Huntbot, a multi-model offensive security tool designed to automate bug hunting within applications and infrastructure. This powerful platform integrates advanced techniques from bug bounties, penetration testing, and red teaming, providing a structured approach to security testing that encompasses everything from reconnaissance to reporting. Unique features include context accumulation across multiple runs, with the system storing over 211KB of knowledge per target, and the ability to track efficiency, automatically halting processes when results diminish. Huntbot processes findings with human-like interactions such as account registration and form filling, all while efficiently mapping and validating application vulnerabilities.

The significance of Huntbot for the AI/ML community lies in its deployment of multiple model providers (defaulting to Claude Code) alongside robust validation mechanisms that ensure accurate reporting of security issues. With its capability to steer testing workflows in real-time, it empowers users to direct focus toward critical areas, such as payment APIs, while minimizing false positives through a rigorous four-gate triage process. These advancements not only enhance the speed and accuracy of vulnerability assessments but also leverage AI to make security testing more effective and user-friendly, marking a notable advancement in the landscape of automated security tools.