What Does It Take to Automate Hacker Intuition?
In 1984, William Gibson imagined the answer in his foundational cyberpunk novel Neuromancer. Writing on a manual typewriter, he described a legendary hacker whose mind gets preserved as a ROM construct after he dies. His instincts and expertise, all of it captured and deployable anywhere without the limitations that came with being human. Automated hacker intuition guides the main character to move faster and further against targets in a way that is only possible with machine assistance.
In an era where the systems we rely on are increasingly fragile, scaling hacker intuition is the only way to keep up.
The Stakes Are High
Software defines the modern world. It powers financial systems, healthcare, infrastructure, and the core operations of every enterprise. Modern applications deploy continuously, which means that attack surfaces evolve in real time. And today, the pace moves even faster because AI systems autonomously generate code and execute actions on machines. In 2025, both StackOverflow and JetBrains reported that ~84% of developers use AI coding tools.
At the same time as this revolution in software productivity, the security model hasn’t meaningfully changed. Security teams still rely on dynamic application security scanners and point-in-time penetration tests to proactively test software for vulnerabilities. Bug bounty programs represented a step forward in that they move real attackers into a continuous testing process. Unfortunately, they are still constrained by human attention, incentives, and scale. Across all solutions, coverage is uneven, critical paths can go unexplored, and results depend on whether the right researcher or tool looked at the right target at the right time.
Scaling Hacker Intuition
Sybil is the world’s first black-box AI offensive testing solution, purpose-built to scale up hacker intuition. Sybil agents operate outside-in: crawling your application to map the attack surface, developing hypotheses about function and purpose, and testing these hypotheses continuously so teams can keep up with the machine speed of modern software. Like an expert red team, they not only find and validate vulnerabilities but also prioritize and suggest fixes to help teams drive faster remediation cycles.
Real attackers don’t see just the code. They see a living system: running services, authentication flows, API boundaries, misconfigurations, data flows, and the subtle ways components interact in production. Looking at source code alone is like looking at the bones of a dinosaur. You can reconstruct the skeleton, but you’re missing the environment it lived in: the terrain, the predators, and the conditions that determined how it behaved. Sybil operates holistically starting from black-box-level access and can accept a wide variety of information sources all the way up to white-box-level access. This flexibility allows Sybil to adapt to any environment and mimic any threat model.
The Humans behind the Machine
The journey to creating Sybil started with GPT-2. In 2019, I dropped out of my machine learning PhD at Harvard to join a little-known startup called OpenAI. I spent three years there as the first security research hire. That time included core research contributions to GPT-3 and Codex, and building the first versions of malicious use monitoring systems. I left to start this company. Through the hacker scene, I met my cofounder, Vlad Ionescu, who had spent seven years at Meta building and leading offensive security teams. This included work on large-scale red teaming and using agentic systems to scale internal capabilities.
We’ve seen both how modern AI systems are built and how real attackers think. We’ve built our team with the rare intersection of experience on the world’s best security teams and driving research forward at the foundation lab level. We built Sybil for the eventuality of increasingly capable AI models and the implications this has on security.
The Future is Already Here
As I argued in Wired, improvements in LLM reasoning capabilities are the driver of improvements on security tasks. The speed of vulnerability discovery will only increase from here. Our mission at RunSybil is to push this even farther: we want everyone to run Sybil on everything so that we find and fix problems before the bad guys. The alternative is defending against automated attacks with manual tools.