@geekbb: Use Multi-Agent to automatically run the entire CVE mining process, from selecting projects, reviewing code, verifying vulnerabilities to generating ready-to-submit vulnerability reports. https://github.com/larlarua/AutoCVE…
Summary
AutoCVE is an open-source tool that uses multi-agent collaboration to automatically complete the entire process from project screening, code audit, vulnerability verification to generating CVE reports, supporting one-click CVE vulnerability mining.
View Cached Full Text
Cached at: 06/30/26, 07:38 AM
Simplified Chinese | English
Similar Articles
@AdamShao: Officially open-sourcing my vulnerability discovery tool: http://flounders.xyz This is an AI Agent-based fully automated vulnerability discovery workflow. You just tell the AI which project's vulnerabilities you want to find, and it will automatically download code and documentation, deeply audit the code, discover suspicious vulnerabilities, automatically verify them locally and online…
Flounder is an open-source AI agent-based tool that automates vulnerability discovery in codebases. Users describe the target and the tool autonomously downloads code, conducts deep code audits, tests vulnerabilities locally and online, and generates reports.
Unclecheng-li/VulnClaw
VulnClaw 是一个基于 LLM Agent 和 MCP 工具链的 AI 驱动渗透测试 CLI 工具,支持自然语言输入自动完成信息收集、漏洞发现、利用和报告生成全流程。
@vintcessun: Alibaba open-sourced a code review tool. The core idea is interesting — a hybrid architecture of deterministic engineering + Agent. Common issues with pure LLM review: incomplete coverage, line number drift, and unstable quality. It uses a deterministic pipeline for file selection, grouping, and rule matching, while the Agent is only responsible for dynamic decision-making and context...
Alibaba open-sourced Open Code Review, an AI code review CLI tool that adopts a hybrid architecture of deterministic engineering and Agent. It has been running internally for two years and has discovered millions of defects.
@XAMTO_AI: If you've used traditional manual penetration testing, you know!! Juggling multiple tools like Burp, Nmap, Metasploit, switching back and forth, spending hours on recon and exploit, writing PoCs by hand, writing reports until you question your life, false positives everywhere, while real vulnerabilities slip through... One developer couldn't take it anymore and open-sourced a...
Strix is an open-source AI penetration testing tool that uses autonomous AI agents to perform real vulnerability discovery and exploitation, generating working PoCs and compliance-ready reports. It supports multi-agent orchestration, CI/CD integration, and various LLMs, aiming to replace manual pentesting with AI-driven automation.
@servasyy_ai: If you're maintaining a project alone without a security team and always feel uneasy before launch, this is basically a gift for you. To be honest, I don't trust most of the so-called "AI security scanners" on the market. After scanning, they give you a screen full of warnings, 90% of which are false positives – pure waste of time. That was until I looked into strix, which topped the GitHub daily leaderboard these past two days. It's different. Strix…
Strix is an open-source AI penetration testing tool that dynamically runs applications in Docker sandboxes, uses the Caido proxy to intercept traffic, and leverages a Python sandbox to write practical Proof-of-Concept exploits to discover and verify vulnerabilities. It supports multi-agent collaboration, automatic patch generation, and CI/CD integration, making it more practical than traditional scanners with high false positive rates.