P
Finding vulns is getting easier. Proving them is still the hard part.
We ran Neo against popular open source repos and got back 22 confirmed CVEs — auth bypasses, RCEs, sandbox escapes — each with working exploits and real evidence.
New blog breaks down 5 of the most interesting findings 🧵
https://projectdiscovery.io/blog/everyone-is-finding-vulns-the-hard-part-is-proving-them
Heading to #RSAC? Try Neo yourself at Booth 3131 → https://projectdiscovery.io/events/rsac-2026
Hot take from Rishi on Daniel Miessler's Unsupervised Learning: False positives aren’t an AI problem. They’re a validation problem.
Neo separates detection from validation to reduce false positives by over 90%.
At #RSAC next week? Meet Rishi and try Neo hands-on at booth 3131.
An AI just found a CVE in a library with 1.1 billion downloads.
No human guidance. No custom rules. Neo reviewed Faraday's code, traced the URL logic, and found an SSRF that Snyk and Semgrep both missed.
This is the class of bug that used to require your best engineer and a lot of time.
Read the full breakdown: https://projectdiscovery.io/blog/how-neo-found-an-ssrf-vulnerability-in-faraday-and-why-it-matters-for-every-team-that-ships-code
