I've been developing MCPwner, an MCP server that lets your AI agents auto-pentest security targets.
While most people are waiting for the latest flagship models to do the heavy lifting, I built this to orchestrate GPT-4o and Claude 3.5 Sonnet models that are older by today's standards but, when properly directed, are more than capable of finding deep architectural flaws using MCPwner.
I recently pointed MCPwner at OpenClaw, and it successfully identified several 0-days that have now been issued official advisories. It didn't just find "bugs". it found critical logic bypasses and injection points that standard scanners completely missed.
The Findings:
Environment Variable Injection
ACP permission auto-approval bypass
File-existence oracle info disclosure
The project is still heavily in progress, but the fact that it's already pulling in multiple vulnerabilities and other CVEs I reported using mid-tier/older models shows its strength over traditional static analysis.
If you're building in the offensive AI space I’d love for you to put this through its paces. I'm actively looking for contributors to help sharpen the scanning logic and expand the toolkitPRs and feedback are more than welcome.
[link] [comments]
from hacking: security in practice https://ift.tt/oiFb5QI
Comments
Post a Comment