Resource hub

Continuous PR Security Review
Neo, Application Security

The security findings that end up in incident post-mortems rarely looked dangerous in the PR that introduced them. Not because anyone was careless but because there's nothing in the change that looks wrong. The code does exactly what it says but the problem is in how the app behaves once it's running. A new endpoint ships without a permission check but every other route in the file handles permissions correctly, so nothing about it stands out. Or a response comes back carrying more of a user's

The Vulnerability Curve Bent With the AI Curve

How CVE volume, known-exploited counts and time-to-exploit all changed shape across the LLM build-out and why defenders are now on the wrong side of the clock. In 2018 the world published about 18,000 CVEs and the average vulnerability took roughly two months to get exploited after it went public. By 2025 the world was publishing nearly 50,000 CVEs a year and the average vulnerability was being exploited before it was disclosed. Those two facts are the whole story. The number of vulnerabilitie

How Neo's Agent Architecture Evolved: From One Agent → Plan, Execute & Verify
Neo, Engineering

Our first engineering post covered prompt caching, the infrastructure change that made long-running agentic tasks economically viable. That post assumed a multi-step, multi-agent system already existed. It did not exist on day one. When we started building Neo, the product was a single agent with a sandbox and a large toolset. Today, a typical task runs through optional planning, an Execution agent that delegates to parallel specialized subagents, and a verification loop that can re-run w

Red-Teaming Cloud Infrastructure with Neo
Neo

Most AI security tooling shipped over the last year focuses on one of two workflows, code review at PR time or zero-day research in open-source software. Models in PR pipelines now flag insecure patterns at every commit and autonomous research runs have produced more zero-days across open-source projects than the patch teams behind them can realistically triage. We've been running Neo on both of those workflows at ProjectDiscovery for a while now, surfacing zero-days in production software and t

Nuclei Templates - April 2026
Nuclei & Templates

Two releases shipped this cycle - v10.4.2 (April 15) and v10.4.3 (May 5) - delivering deep KEV coverage, a major push into AI/LLM attack surface, fresh Perforce visibility, and broad quality improvements across the template library.

🚀 April Stats

Release   New Templates   CVEs Added   First-time Contributors
v10.4.2   121             61           15
v10.4.3   105             62           12
Total     226             123          27

  • 226 new templates shipped across both releases
  • 123 CVEs covered, including ~10 actively exploited vulnerabilities

From Nuclei to Neo: LIVE with Rishi
Webinar, Neo, Nuclei

Nuclei changed how the industry thinks about vulnerability scanning. Neo is the next chapter. Join us on Wednesday, May 20th, at 1 PM ET as Davis sits down with Rishi in San Francisco to cover why we created Nuclei, the hard questions in security, and where the industry is going.

DAST: A blast from the past
Webinar, Neo, DAST

Legacy DAST struggles with modern apps. Learn where it still fits, where it fails, and what to ask when evaluating a modern DAST replacement.

The Trust Gap Behind the AI Coding Boom: What 200 Security Practitioners Just Told Us
Research, Application Security

New research from ProjectDiscovery surfaces an uncomfortable truth: Engineering has accelerated, and Security has been left to absorb the impact, mostly by hand. If you work in application security right now, you already know the shape of the problem. Pull requests are landing faster than they used to. The diffs are bigger. The author on the commit is increasingly your engineering team's AI assistant, not the engineer themselves. And somewhere downstream, you and a small team are expected to ke

Benchmarking Neo's Black-Box DAST Capabilities
Neo, DAST

Since the launch of Neo, we've been steadily expanding what it can do. Neo has found 33+ real CVEs across open-source projects, performed well on white-box security testing where source code is available, and generally proven itself as a capable security engineer when it has context to work with. What we hadn't shared yet is how Neo does when it's operating purely as a black-box DAST agent: no source code, no architecture context, just a URL. The prompt Neo gets is a minimal prompt with no guida

The AI Code Deluge: Are Security Teams Ready?
Research, AI, AI Coding Impact

200 cybersecurity practitioners told us what AI-assisted coding is really doing to their teams. The short version: engineering is shipping faster than ever, and security is absorbing the impact. This report breaks down where the pressure is building, what is breaking, and what it will take to close the gap.

Neo v. DIY: The gap between a single finding and a mature security program
Neo, Webinar

In our latest webinar, our Founding Solutions Engineer, Davis Franklin, addressed the massive gap between finding a vulnerability with an LLM and running a mature security program. That gap is what Neo is built to close. With the release of Opus 4.6 and the announcement of Mythos, the question we hear constantly has gotten louder: Can I just build this with Claude Code? The short answer is yes. You can spin up a working PoC in about half an hour, find a real vulnerability, and feel genuinely co

How We Cut LLM Costs by 59% With Prompt Caching
Neo, Engineering

At ProjectDiscovery, we've been building Neo, an autonomous security testing platform that runs multi-agent, multi-step workflows, routinely executing 20-40+ LLM steps per task. Vulnerability assessments, code reviews, and security audits at scale, enabling continuous testing across the entire development lifecycle. When we launched, our LLM costs were staggering. A single complex task with Opus 4.5 could consume 60 million tokens. Then we implemented prompt caching. Here's what changed:

Can't we do this with Claude Code?
Webinar, Neo

We ran the experiment so you don't have to. Join our Founding Solutions Engineer, Davis Franklin, for a live look at the execution harness behind Neo and why it's harder to replicate than it looks.

…