Solving Vulnerability Management: ProjectDiscovery’s RSA Innovation Sandbox Win

Last week, ProjectDiscovery took home the title of Most Innovative Startup at the 2025 RSA Innovation Sandbox, the biggest stage in the world for security innovation. While much of this year's buzz centered on securing AI, our win sent a clear signal: even as new frontiers emerge, foundational problems like vulnerability management remain unsolved. Security leaders are still spending millions on tools that generate noise instead of insight, and the industry is ready for a better way.
Our COO, Andy Cao, stepped on stage in front of several thousand conference attendees to share what many in the community already knew: vulnerability scanning is broken. Legacy scanners like Tenable and Qualys, built over 20 years ago, have not evolved to detect today's security risks. They generate a large amount of noise because they rely on outdated, primitive version checks, which overwhelm security teams with false positives. As a result, security teams are stuck chasing ghosts instead of fixing what is actually exploitable.
At ProjectDiscovery, we are solving this with Nuclei, an open-source vulnerability scanner that thinks like an attacker. With YAML-based templates and conditional logic, Nuclei identifies real, exploitable issues while filtering out the noise. It’s fast, flexible, and one of the most widely adopted open-source security tools in the world with over one million active users.
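To make the contrast between a version banner check and an exploitability check concrete, here is an added, constructed example of what a Nuclei template with conditional matchers looks like. It is written for this page and is not a template from the Nuclei community repository; the product name "acme-portal", its `/api/admin/config` endpoint, and the key names it looks for are invented for illustration.

```yaml
# Added illustrative template (not from the nuclei-templates repository).
# "acme-portal" and its endpoints are hypothetical. Instead of matching a version
# string in a banner, the template confirms the condition by requesting the
# sensitive endpoint and checking what actually comes back.
id: acme-portal-unauth-admin-config

info:
  name: Acme Portal - Unauthenticated Admin Config Exposure (hypothetical)
  author: editor-example
  severity: high
  description: |
    Requests the admin configuration endpoint without credentials and only
    reports a finding when the response body contains secret material.
    A version check alone would flag every install, patched or not.
  tags: acme,exposure,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/admin/config"
    headers:
      Accept: application/json

    # Every matcher below must hold. Combining status, content-type, body
    # content and a DSL sanity check is what keeps false positives down.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "application/json"

      # At least one secret-looking key must be present in the body.
      - type: word
        part: body
        words:
          - '"db_password"'
          - '"jwt_secret"'
        condition: or

      # Guard against an HTTP 200 login page or a stub JSON error response.
      - type: dsl
        dsl:
          - '!contains(tolower(body), "login")'
          - 'len(body) > 50'
        condition: and

    # Record which keys were exposed so the finding carries evidence.
    extractors:
      - type: regex
        part: body
        name: exposed_keys
        regex:
          - '"(db_password|jwt_secret)"'
```

The point of the structure is that a finding is only raised when the target behaves in the vulnerable way; a host that has been patched or has the endpoint locked down returns something other than a secret-bearing JSON body and is silently skipped, whereas a banner-based check would report it regardless.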
The power of that community was front and center in our presentation. We now have over 10,000 Nuclei detection templates, many of them contributed by security researchers, ethical hackers, and engineers around the world. From GitHub to Starbucks, organizations have rewarded contributions to Nuclei that catch real threats faster than legacy tools ever could. Every contribution goes through an internal review process to ensure accuracy, quality, and real-world effectiveness.
In one example, our community created a working detection for a Next.js auth bypass within 12 hours of CVE-2025-29927 being published. One of our customers, Elastic, used that template to scan 15,000 assets in under 5 minutes, saving hundreds of hours of manual validation (see the case study). Meanwhile, traditional vendors released version-based detections that could not confirm exploitability.
This is the modern approach to vulnerability detection. It’s fast. It’s accurate. And it’s transparent.
To our contributors, bloggers, community reviewers, researchers, and advocates: thank you. Together, we have built something extraordinary. Our work has changed how security teams operate, and this recognition is yours as much as it is ours.
We are just getting started. With ProjectDiscovery Cloud, we are bringing that same power to enterprise environments, combining the flexibility of open source with the performance, scale, and workflows modern teams need. With the rise of AI, we are automating the manual workflows of vulnerability management by enabling teams to create a Nuclei template for every vulnerability issue. Those templates become the foundation for automated retests that validate fixes and for ongoing regression tests that reduce risk.
No noise from primitive version checks. No black box scanning. Just real coverage, built by the community and scaled for the enterprise.
This is security for the modern internet.
This is ProjectDiscovery.
Want to learn more about the award-winning product from RSA? Book a demo to connect with our team.