
OpenHack: Run AI Penetration Tests Inside Claude Code or Codex

OpenHack: Hadrian's open-source AI vulnerability research toolkit ships MIT-licensed on May 21, 2026

Most AI security tools share the same failure mode: they hand you a list of 200 potential issues and leave you to figure out which ten actually matter. Two-thirds of security practitioners report spending more time validating AI-generated findings than fixing real vulnerabilities. Dutch security firm Hadrian built OpenHack to fix that — and shipped it MIT-licensed on May 21, 2026.

What OpenHack Is

OpenHack is not a SaaS product. It is an open-source toolkit that runs directly inside Claude Code, OpenAI Codex, or Cursor — the coding tools most developers already use. Point it at a repository, approve checkpoints as it works through phases, and get structured findings backed by an audit trail of plain files on disk.

The repository includes the CLI, agent prompts, expert manifests, file schemas, and complete documentation. License: MIT. Requires Python 3.9+. Available now at github.com/hadriansecurity/openhack.

Why the Methodology Matters

The noise problem in AI security tools is structural, not incidental. When you prompt a model with “find vulnerabilities in this codebase,” you are asking it to operate without scope, without grounding, and without a check on its own conclusions. OpenHack attacks this at the design level with two core principles:

  • Scenario-first review: Every unit of work is exactly one surface, one expert, and one proof question. No unscoped “find anything wrong” prompts. The router agent turns recon output into discrete, bounded scenarios before any expert agent touches code.
  • Independent triage: The agent that proposes a finding is not the agent that admits it. A separate triage agent reviews every candidate against reportability, deduplication, confidence, scope, and severity before a finding is recorded.

All artifacts — recon output, scenario backlog, expert results, triage decisions, and final findings — live as readable files in your workspace. You can trace every finding back to the surface that triggered it and the evidence that confirmed it. This is what makes it auditable in a way that SaaS black-box scanners simply are not.
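The two principles and the traceability claim above, as an added example that is not OpenHack's own code: a Python check over constructed records that rejects unbounded scenarios, refuses findings triaged by their own proposer, and maps each admitted finding back to its surface. The record layout, field names and agent labels are assumptions, not the project's file schemas.

```python
# Added example. Field names and record layout are assumptions, not OpenHack's schemas.
TRIAGE_CRITERIA = ("reportability", "deduplication", "confidence", "scope", "severity")

def is_bounded(scenario):
    """True only for exactly one surface, one expert and one proof question."""
    return all(isinstance(scenario.get(f), str) and scenario[f].strip()
               for f in ("surface", "expert", "proof_question"))

def audit(scenarios, candidates, triage):
    """Return (admitted: finding id -> surface, rejected: finding id -> reason)."""
    by_id = {s["id"]: s for s in scenarios}
    decisions = {t["candidate"]: t for t in triage}
    admitted, rejected = {}, {}
    for c in candidates:
        s, t = by_id.get(c["scenario"]), decisions.get(c["id"])
        if s is None or not is_bounded(s):
            rejected[c["id"]] = "unbounded or unknown scenario"
        elif t is None:
            rejected[c["id"]] = "no triage decision"
        elif t["agent"] == c["proposed_by"]:
            rejected[c["id"]] = "proposer triaged its own finding"
        elif not all(t["checks"].get(k) for k in TRIAGE_CRITERIA):
            rejected[c["id"]] = "failed or incomplete triage"
        else:
            admitted[c["id"]] = s["surface"]  # trace back to the triggering surface
    return admitted, rejected

# Constructed sample records (not real OpenHack output).
PASS = dict.fromkeys(TRIAGE_CRITERIA, True)
SCENARIOS = [
    {"id": "S1", "surface": "POST /upload", "expert": "file-upload",
     "proof_question": "Can an uploaded file be written outside the upload directory?"},
    {"id": "S2", "surface": ["GET /admin", "GET /api"], "expert": "access-control",
     "proof_question": "find anything wrong"},  # two surfaces: not a bounded scenario
]
CANDIDATES = [
    {"id": "C1", "scenario": "S1", "proposed_by": "expert:file-upload"},
    {"id": "C2", "scenario": "S1", "proposed_by": "expert:file-upload"},
    {"id": "C3", "scenario": "S2", "proposed_by": "expert:access-control"},
    {"id": "C4", "scenario": "S1", "proposed_by": "expert:file-upload"},
]
TRIAGE = [
    {"candidate": "C1", "agent": "triage", "checks": PASS},
    {"candidate": "C2", "agent": "expert:file-upload", "checks": PASS},
    {"candidate": "C3", "agent": "triage", "checks": PASS},
    {"candidate": "C4", "agent": "triage", "checks": {**PASS, "deduplication": False}},
]
if __name__ == "__main__":
    print(audit(SCENARIOS, CANDIDATES, TRIAGE))
```

Only C1 is admitted; each rejection reason names the invariant that was violated, so the same check can run over the workspace files before a report is accepted.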

The Four-Phase Workflow

OpenHack runs through four structured phases, with human approval required at each transition:

  1. Recon — Agents map the attack surface: routes, auth boundaries, upload paths, parser entry points, admin areas, and data sinks.
  2. Router — A scenario-router agent converts surfaces into bounded scenarios. One human approval covers this entire phase.
  3. Expert — Twelve expert agents (each defined as a Markdown manifest) work through scenarios aligned to OWASP Top 10:2025 plus CWE-119, CWE-200, CWE-22/434, and API4:2023. One routing unit may fan out to several experts where the surface warrants it.
  4. Triage — An independent agent reviews each candidate finding. Only confirmed findings become recorded results.

Human approval at each phase checkpoint is intentional. OpenHack is not designed to be fully autonomous — and that is the right call. Fully autonomous security tooling has a track record of generating the same noise the tool was meant to eliminate. Each checkpoint tells you what changed and what to review before asking whether to proceed. This is how you keep a human in the loop without destroying the time savings.

Getting Started

Open the repository in Claude Code, Codex, or Cursor. Then prompt your harness:

"Initiate a whitebox pentest on https://github.com/[your-org]/[your-repo].git"

The harness reads AGENTS.md and initiates the workflow. Each checkpoint prints a summary and the next command. You review and approve before it continues. The methodology is documented in full on the Hadrian blog.

Proven on Real Targets

Hadrian’s research team used an advanced version of this methodology to audit a dozen open-source applications deployed by Dutch government agencies. The analysis surfaced hundreds of vulnerabilities in hours. The most critical: a flaw that exposed server credentials and provided direct access to the underlying Azure database.

OpenHack is the public release of that same methodology — without Hadrian’s internal tooling, but with the same structured approach. That provenance matters. This is not a theoretical framework. It found real vulnerabilities in production systems.

The Bigger Picture

The 2026 Open Source Security and Risk Analysis (OSSRA) Report found that the average codebase now contains 581 open source vulnerabilities — more than double the figure from a year earlier. ProjectDiscovery’s 2026 AI Coding Impact Report found that 100% of organizations now have AI-generated code in production, but only 19% have visibility into where it lives.

AI is generating code — and therefore vulnerabilities — faster than human teams can review them. The AI agent safety problem extends beyond runtime behavior to the code agents produce. OpenHack is a credible answer to the code review side of that problem, and it is free. OpenAI’s Daybreak initiative covers similar ground with GPT-5.5 and partnerships across CrowdStrike, Cloudflare, and Palo Alto Networks — but access remains invitation-only. If you are not on the Daybreak waitlist, OpenHack is what you can deploy today.

ByteBot