ProjectDiscoveryProjectDiscovery Logo
AI PentestingPR Security ReviewThreat ModelingVulnerability RemediationExposure AnalysisTriage
Resources▾
BlogWhitepapersWebinarsResearchEventsPrograms
Pricing
NeoCloud
Request demo

Resource hub

Continuous PR Security Review
NeoApplication Security

Continuous PR Security Review

The security findings that end up in incident post-mortems rarely looked dangerous in the PR that introduced them. Not because anyone was careless but because there's nothing in the change that looks wrong. The code does exactly what it says but the problem is in how the app behaves once it's running. A new endpoint ships without a permission check but every other route in the file handles permissions correctly, so nothing about it stands out. Or a response comes back carrying more of a user's

Footer

See Neo run complex security tasks.

Book a demo.

Request a Demo
ProjectDiscovery Logo
SOC2 Compliant LogoRSABlackhatG2

Open Source

  • Nuclei
  • Nuclei Templates
  • Subfinder
  • HTTPx
  • Naabu
  • CVEmap
  • All tools

Resources

  • Blog
  • Whitepapers
  • Webinars
  • Research
  • Events
  • Programs

Company

  • Security
  • Privacy
  • Terms
  • Contact
DiscordGitHubXLinkedInYouTube

©2026 ProjectDiscovery, Inc.

Do Not Sell or Share My Personal Information

We value your privacy

We use tools on this site to collect and record your data (e.g., your searches), which we and our vendors may use to provide, improve, and personalize our offerings, make recommendations, and for analytics and marketing. Some of these tools identify visitors and link website activity to business contact and company information so we can better understand interest in our services and tailor our outreach. We may share your data with third parties, such as advertising vendors, social media companies, and research partners, which may be "targeted advertising," "selling," or "sharing" under applicable privacy laws. Continuing to browse our site means you accept these terms and our Privacy Policy. To opt out, click the Your Privacy Choices link in the footer.

Black Hat 2026: Experience Neo in Action
EventBlack HatAI Security

Black Hat 2026: Experience Neo in Action

Join ProjectDiscovery at Black Hat 2026 to experience Neo in action. Discover live demos, real workflows, and how to uncover and fix exposures at scale.

Build It or Buy It? An Evidence-Based Framework for AI Security Testing
WhitepaperNeoAI Security

Build It or Buy It? An Evidence-Based Framework for AI Security Testing

LLMs can detect vulnerabilities. But can your DIY solution validate, scale, and survive a team transition? Download the whitepaper to find out when building makes sense and when it doesn't.

Should you build or buy your AI security tool?
WebinarNeoAI Security

Should you build or buy your AI security tool?

See why building your own AI security tool is easy until the bill arrives. Join our next webinar to see where the build vs. buy math really lands.

The Vulnerability Curve Bent With the AI Curve

The Vulnerability Curve Bent With the AI Curve

How CVE volume, known-exploited counts and time-to-exploit all changed shape across the LLM build-out and why defenders are now on the wrong side of the clock. In 2018 the world published about 18,000 CVEs and the average vulnerability took roughly two months to get exploited after it went public. By 2025 the world was publishing nearly 50,000 CVEs a year and the average vulnerability was being exploited before it was disclosed. Those two facts are the whole story. The number of vulnerabilitie

How Neo's Agent Architecture Evolved: From One Agent → Plan, Execute & Verify
NeoEngineering

How Neo's Agent Architecture Evolved: From One Agent → Plan, Execute & Verify

Our first engineering post covered prompt caching, the infrastructure change that made long-running agentic tasks economically viable. That post assumed a multi-step, multi-agent system already existed. It did not exist on day one. When we started building Neo, the product was a single agent with a sandbox and a large toolset. Today, a typical task runs through optional planning, an Execution agent that delegates to parallel specialized subagents, and a verification loop that can re-run w

Red-Teaming Cloud Infrastructure with Neo
Neo

Red-Teaming Cloud Infrastructure with Neo

Most AI security tooling shipped over the last year focuses on one of two workflows, code review at PR time or zero-day research in open-source software. Models in PR pipelines now flag insecure patterns at every commit and autonomous research runs have produced more zero-days across open-source projects than the patch teams behind them can realistically triage. We've been running Neo on both of those workflows at ProjectDiscovery for a while now, surfacing zero-days in production software and t

Nuclei Templates - April 2026
Nuclei & Templates

Nuclei Templates - April 2026

Two releases shipped this cycle - v10.4.2 (April 15) and v10.4.3 (May 5) - delivering deep KEV coverage, a major push into AI/LLM attack surface, fresh Perforce visibility, and broad quality improvements across the template library. 🚀 April Stats Release New Templates CVEs Added First-time Contributors v10.4.2 121 61 15 v10.4.3 105 62 12 Total 226 123 27 * 226 new templates shipped across both releases * 123 CVEs covered, including ~10 actively exploited vulnerabilities

From Nuclei to Neo: LIVE with Rishi
WebinarNeoNuclei

From Nuclei to Neo: LIVE with Rishi

Nuclei changed how the industry thinks about vulnerability scanning. Neo is the next chapter. Join us on Wednesday, May 20th, at 1 PM ET as Davis sits down with Rishi in San Francisco to cover why we created Nuclei, the hard questions in security, and where the industry is going.

DAST: A blast from the past
WebinarNeoDAST

DAST: A blast from the past

Legacy DAST struggles with modern apps. Learn where it still fits, where it fails, and what to ask when evaluating a modern DAST replacement.

The Trust Gap Behind the AI Coding Boom: What 200 Security Practitioners Just Told Us
ResearchApplication Security

The Trust Gap Behind the AI Coding Boom: What 200 Security Practitioners Just Told Us

New research from ProjectDiscovery surfaces an uncomfortable truth: Engineering has accelerated, and Security has been left to absorb the impact, mostly by hand. If you work in application security right now, you already know the shape of the problem. Pull requests are landing faster than they used to. The diffs are bigger. The author on the commit is increasingly your engineering team's AI assistant, not the engineer themselves. And somewhere downstream, you and a small team are expected to ke

Benchmarking Neo's Black-Box DAST Capabilities
NeoDAST

Benchmarking Neo's Black-Box DAST Capabilities

Since the launch of Neo, we've been steadily expanding what it can do. Neo has found 33+ real CVEs across open-source projects, performed well on white-box security testing where source code is available, and generally proven itself as a capable security engineer when it has context to work with. What we hadn't shared yet is how Neo does when it's operating purely as a black-box DAST agent no source code, no architecture context, just a URL. The prompt Neo gets is a minimal prompt with no guida

The AI Code Deluge: Are Security Teams Ready?
ResearchAIAI Coding Impact

The AI Code Deluge: Are Security Teams Ready?

200 cybersecurity practitioners told us what AI-assisted coding is really doing to their teams. The short version: engineering is shipping faster than ever, and security is absorbing the impact. This report breaks down where the pressure is building, what is breaking, and what it will take to close the gap.

…