Part of the ImmuneWorks Immune Mesh
Autonomous vulnerability hunting

We hunt vulnerabilities automatically.

vHunter is an autonomous engine that recons, tests, proves and scores vulnerabilities at machine speed — then puts the results on an industry scoreboard. Every finding ships with a reproducible PoC.

8,890+ verified findings
1,824+ critical severity
14 industries covered
92% ship with a PoC

Autonomous discovery running across finance, Web3, SaaS, AI, healthcare, energy and beyond

FINANCE | WEB3 | SAAS | AI | HEALTH | GOV/CI | ECOMM | GAMING | TELECOM
By industry

Every industry has a scoreboard.

Attack surfaces differ by sector, so vHunter runs industry-specific detectors and scores each vertical on its own board — severity distribution, top vulnerability classes and peak impact.

FINANCE

Finance

1,284 findings
C 312 | H 470 | M 372 | L 130
IDOR, Broken Auth, SSRF, Business Logic
Peak CVSS 9.8
WEB3

Web3 & Crypto

968 findings
C 340 | H 300 | M 220 | L 108
Reentrancy, Access Control, Price Oracle, Signature Replay
Peak CVSS 9.9
SAAS

SaaS & Cloud

1,510 findings
C 288 | H 520 | M 470 | L 232
SSRF, IDOR, Secrets Exposure, RCE
Peak CVSS 9.6
AI

AI & LLM

742 findings
C 150 | H 250 | M 242 | L 100
Prompt Injection, Tool Abuse, Data Exfil, Model DoS
Peak CVSS 9.1
HEALTH

Healthcare

611 findings
C 121 | H 190 | M 200 | L 100
PHI Exposure, Access Control, Injection, Misconfig
Peak CVSS 9.3
GOV/CI

Gov & Critical Infra

423 findings
C 138 | H 150 | M 90 | L 45
Auth Bypass, Path Traversal, Deserialization, RCE
Peak CVSS 9.7
ECOMM

E-commerce

889 findings
C 96 | H 230 | M 360 | L 203
Payment Logic, IDOR, Stored XSS, Coupon Abuse
Peak CVSS 9.0
GAMING

Gaming

534 findings
C 60 | H 150 | M 220 | L 104
Server Auth, Economy Abuse, Anti-cheat Bypass, Injection
Peak CVSS 8.7
TELECOM

Telecom

372 findings
C 70 | H 120 | M 130 | L 52
RCE, Auth Bypass, Info Disclosure, Misconfig
Peak CVSS 9.2
MOBILITY

Mobility & Logistics

318 findings
C 44 | H 100 | M 120 | L 54
IDOR, GPS Spoofing, API Abuse, Access Control
Peak CVSS 8.9
ENERGY

Energy & ICS

265 findings
C 88 | H 90 | M 60 | L 27
Protocol Abuse, Auth Bypass, RCE, Hardcoded Creds
Peak CVSS 9.5
MEDIA

Media & Social

471 findings
C 40 | H 130 | M 200 | L 101
Stored XSS, IDOR, SSRF, Account Takeover
Peak CVSS 8.8
EDU

Education

214 findings
C 22 | H 60 | M 90 | L 42
IDOR, Access Control, XSS, Misconfig
Peak CVSS 8.4
INSURANCE

Insurance

289 findings
C 55 | H 90 | M 100 | L 44
Business Logic, IDOR, SSRF, Auth Bypass
Peak CVSS 9.0
Severity key: C = Critical, H = High, M = Medium, L = Low

Vulnerability classes

What we find, most to least.

Aggregated across all industries and dominated by access-control, request-forgery and injection flaws — the bug classes that reach real business impact.

Broken Access Control / IDOR: 1,720
Server-Side Request Forgery (SSRF): 1,140
Injection (SQL / NoSQL / Cmd): 980
Authentication Bypass: 910
Secrets & Credential Exposure: 760
Business-Logic Flaws: 690
RCE / Deserialization: 540
Prompt Injection & Tool Abuse (AI): 430
Smart-Contract (Reentrancy / Oracle): 410
Cross-Site Scripting (XSS): 380

Hunt log

Selected findings, anonymized.

A window into the stream. Targets, owners and identifiers are stripped — only the vulnerability class, affected sector, severity and disclosure state remain.

vhunter@mesh — findings ledger
04:12:07 | CRIT | FINANCE | IDOR -> cross-tenant account read | CVSS 9.1 | disclosed
04:09:41 | HIGH | SAAS | SSRF -> cloud metadata 169.254.169.254 | CVSS 8.6 | patched
03:58:22 | CRIT | WEB3 | reentrancy -> vault drain | CVSS 9.6 | disclosed
03:51:10 | HIGH | AI | prompt-injection -> tool exfil of secrets | CVSS 7.7 | mitigated
03:47:55 | MED | ECOMM | coupon stacking -> negative order total | CVSS 5.9 | triaged
03:39:18 | CRIT | GOV/CI | deserialization -> remote code execution | CVSS 9.4 | reported
03:30:02 | HIGH | HEALTH | missing access control -> PHI over-read | CVSS 8.2 | disclosed
03:22:47 | LOW | MEDIA | reflected XSS -> session context leak | CVSS 4.3 | patched
03:14:31 | CRIT | ENERGY | hardcoded creds -> PLC control channel | CVSS 9.5 | reported
03:05:59 | HIGH | TELECOM | auth bypass -> ops interface exposed | CVSS 8.8 | mitigated
02:57:14 | MED | GAMING | missing server checks -> economy farming | CVSS 6.4 | triaged
02:48:03 | CRIT | SAAS | path traversal -> arbitrary write RCE | CVSS 9.2 | disclosed
02:39:50 | HIGH | INSURANCE | business logic -> claim amount tamper | CVSS 8.0 | triaged
02:31:22 | MED | MOBILITY | API abuse -> driver location enumeration | CVSS 6.1 | patched
02:22:09 | CRIT | WEB3 | price oracle manipulation -> liq. arbitrage | CVSS 9.3 | disclosed
02:13:44 | LOW | EDU | misconfig -> directory listing | CVSS 3.7 | patched

All rows are illustrative and anonymized. No client names, targets or personal data are ever published.

How it works

From attack surface to proven finding.

A closed loop that runs continuously. Nothing reaches the scoreboard until it is reproduced with a working proof-of-concept.

01. Recon (attack-surface)

Auto-map assets, subdomains, APIs and dependencies into a continuously refreshed attack surface.

02. Enumerate (endpoints)

Enumerate parameters, auth paths and state machines at every entry point and turn them into testable hypotheses.

03. Detect (signals)

Probe for injection, access-control, SSRF, logic and on-chain flaws in parallel with industry-specific detectors.

04. Verify (proof-of-concept)

Generate a minimal reproducible PoC per candidate and drop false positives: only provable findings count.

05. Triage (cvss)

Auto-grade by CVSS and business impact, dedupe and map onto the industry scoreboard.

06. Disclose (coordinated)

Produce anonymized reports, run coordinated disclosure and feed results back into the ImmuneWorks Immune Mesh.

Every disclosed finding is written back as immune memory for the ImmuneWorks Mesh.
Part of the Immune Mesh

vHunter is the discovery arm of ImmuneWorks.

ImmuneWorks builds the immune system for enterprise AI — detecting and responding to threats at the gateway, plugins, runtime, identity, blockchain and browser. vHunter is its offensive discovery capability: it hunts the vulnerabilities first, so the Mesh can defend them.

vHunter: hunt & prove
Immune Mesh: detect & respond
Immune Memory: remember & adapt

Put your industry on the board.

See what autonomous hunting surfaces across your attack surface — before someone else does.