{"id":101960,"title":"CodeAnt AI - Autonomous offensive and defensive security","tagline":"Find the breach before the attacker does!","body":"### What we do\n\nCodeAnt AI attacks your systems the way a real adversary would, then it walks back into your code and helps you build the defenses exactly where the attack got through.\n\nContinuous attack. Continuous defense. One self-learning platform.\n\n![uploaded image](/media/?type=post\u0026id=101960\u0026key=user_uploads/304615/2d6a6c48-8892-4d33-9e38-a08770079ab0)\n\n\\\n\\\n[**Trigger a free pentest**](https://app.codeant.ai/) No engagement fee. Pay only if we find high or critical issues; low and medium issues are free.\n\n### Why us\n\nWe've run pentests for 200+ companies. Almost everyone had exposed PII, PHI, payment records, patient files, or critical data leaks.\n\nWe've also disclosed 100+ zero-day CVEs, affecting 1.85B+ monthly downloads, including [pac4j-jwt auth bypass at CVSS 10.0](https://www.codeant.ai/security-research/pac4j-jwt-authentication-bypass-public-key) and [simple-git RCE at CVSS 9.8](https://www.codeant.ai/security-research/simple-git-remote-code-execution-cve-2026-28292).\n\n### Why now\n\n**90% of modern software is embarrassingly easy to breach.**\n\nAttackers got AI. A human pentester gets 2 weeks and a scope doc. An AI adversary gets unlimited patience and parallelism, and it'll chain a forgotten subdomain to a leaked credential to a misconfigured auth API until the data is out.\\\n\\\nYour defenses? Still fighting the last war.\n\nSAST \u0026 SCA tools surface 10,000 findings. The 50 that matter are buried. Pentest firms show up once a year. File a PDF and leave. You fly blind the other 363 days.\n\n![uploaded image](/media/?type=post\u0026id=101960\u0026key=user_uploads/304615/1c942f59-a1c1-418f-827c-7517ec157597)\n\n### How do we close it\n\nCodeAnt lives at every layer where code is written: CLI, IDE, PR, CI/CD. 
Then it takes what it learned and attacks.\n\n### What you get\n\n* **Blackbox** 500+ exploit agents (BOLA, IDOR, SSRF, auth bypass, etc.)\n* **Whitebox** AI SAST, SCA, SBOMs, malware, business logic, etc.\n* **Graybox** Black-box + white-box fused, the full kill chain.\n* **Evidence** SOC 2, HIPAA, ISO compliant reports\n\nStart your [free pentest](https://app.codeant.ai/) here or schedule a [scoping call](https://meet.codeant.ai/meet/codeant-ai/demo)\n\n---","slug":"QWW-codeant-ai-autonomous-offensive-and-defensive-security","created_at":"2026-05-26T14:44:33.425Z","updated_at":"2026-06-20T19:40:21.947Z","total_vote_count":137,"url":"https://www.ycombinator.com/launches/QWW-codeant-ai-autonomous-offensive-and-defensive-security","share_image_url":"https://www.ycombinator.com/media/?type=post\u0026id=101960\u0026key=user_uploads/304615/2d6a6c48-8892-4d33-9e38-a08770079ab0","company":{"id":29368,"name":"CodeAnt AI","slug":"codeant-ai","url":"https://codeant.ai/","logo":"https://bookface-images.s3.amazonaws.com/small_logos/9efd3b7815df44b6aca06023be3c607e3a345ee5.png","batch":"Winter 2024","industry":"B2B","tags":["Cybersecurity"],"search_path":"https://bookface.ycombinator.com/company/29368"}}