Discovering vulnerabilities in your own code is rarely a one-shot job, even with AI agents. Security services provider Hadrian’s newly released OpenHack platform aims to automate source code review and penetration testing, cutting false positives through an iterative, human-in-the-loop process.

The Amsterdam-based Hadrian has previously used this methodology to unearth hundreds of vulnerabilities in open source software used by the Dutch government. One critical-severity vulnerability exposed server credentials to an Azure database.

OpenHack works from within the user’s preferred harness and model – Claude Code, Codex, and Cursor are initially supported.

“We didn’t need Mythos to find critical vulnerabilities in the Dutch government,” said Hadrian CEO and co-founder Rogier Fischer, in the blog post announcing the release. 

A Systematic Approach for Finding Vulnerabilities

With AI, the initial impulse for security researchers is simply to ask an LLM to review a code base for vulnerabilities. The results are slow, with the occasional insight often buried in hallucinations and incorrectly-defined bugs. Reviewing the results can take longer than reviewing the code manually. 

OpenHack’s approach is more nuanced. It is modeled after how Hadrian security researchers themselves investigate software code. 

OpenHack mimics penetration testing of a “white box” set of source code in a repository. Each task gets its own separate workflow. The software does the automated reconnaissance across the code base, spins up attack scenarios through “threat modeling,” writes exploits for potential bugs found, and reports back any successful results.

It does this not through a single agent, but a set of focused sub-agents that build on the work of the previously called agent. 

A reconnaissance agent discovers a potentially problematic surface. A second agent, called the router, develops a set of scoped scenarios that could reveal bugs in this surface area. A separate set of “expert” agents then prove or disprove the scenario. Those scenarios that prove fruitful are then verified through yet another agent, called a triage agent.

“The long-running parts are still item-by-item loops, not bulk analysis,” the project’s GitHub page explains. “Hadrian is a state machine around files. A command advances the run to the next durable state, an agent answers the exact prompt for that state, and the next recorder command validates the answer before materializing new work.”

Fischer noted that attackers already use a similar approach for finding vulnerabilities themselves. The company open sourced its own framework so organizations wouldn’t have to keep reinventing the wheel. 

An LLM Is Not a Pentester 

In an earlier post, the Hadrian folks argued that an LLM is not a penetration suite, and shouldn’t be used as one, the surprising results of Mythos notwithstanding. 

Released in 2026, Anthropic’s Mythos, built on top of Claude Opus, was able to find thousands of severe vulnerabilities and build exploits around them, all using a reasoning model it developed. 

Yet, “a frontier model has no concept of your attack surface. It does not manage scope, credentials, or rate limiting. It does not know which assets are in bounds, which environments are sensitive, or where to concentrate effort across a complex, distributed infrastructure. It starts from scratch every time, with no memory of what your organization looked like last quarter or last week,” the company asserted.

OpenHack is open source through an MIT license. The package, which requires Python 3.9 or later to run, comes with a command line interface, agent prompts, expert manifests, file schemas, and documentation.