Launched this week

Cerberus

Launched this week

Cursor for AI hacking that can't go out of scope

59 followers

Cursor for AI hacking that can't go out of scope

59 followers

Visit website

Security software

Cerberus is the world's first safe AI hacker. You can hack your entire app in plain English with a prompt "find vulnerabilities and exploit them in example.com". We also built the world's first AI hacker that's mathematically safe to run on production. It uses a new programming language where every hacking action must come with a mathematical proof that you authorized it — no proof, no action. Point it at your app, come back in 3-4 hours with a full security report.

Free Options

Launch tags:Tech•Security

Launch Team

Tempo - Align Work to Strategy — Turn Jira Data Into Strategic Clarity

Turn Jira Data Into Strategic Clarity

Promoted

Cerberus

Maker

📌

Hi Product Hunt, Short context first. For the past several years our team has run a penetration testing firm serving banks and enterprises, alongside doing research in theoretical computer science — specifically type theory and programming language design. When AI agents became viable, everyone saw the same opportunity we did: automate pentesting. And everyone ran into the same wall. AI hackers can be hacked themselves. A malicious website can contain a prompt injection that tricks the agent into attacking a completely unrelated target. Your authorized pentest suddenly becomes an unauthorized attack on someone else's system, which is a legal disaster. Worse, when these agents discover a vulnerability like RCE, they can delete a client's database, or do something significantly worse, because nothing prevents them from acting on the exploit. Most of these tools are GPT wrappers executing shell commands in a terminal. There's no real safety layer. That's unacceptable for production pentesting. A tool you can't trust is a tool you can't use. The moment things clicked for us was realizing our CS research actually solved this. Unsanctioned actions don't need to be caught at runtime with prompts and guardrails, which fail in practice. They can be prevented before the AI ever acts, using formal methods from programming language theory. So we built a new programming language specifically for ethical hacking. Every action expressible in it, a port scan, a payload, a network request, must carry a mathematical proof of what it's authorized to target and do. Before anything executes, the proof is checked. If the action falls outside the engagement scope — attacking a target you don't own, launching a DDoS, pivoting to an unrelated system — the code doesn't compile. Nothing runs. The AI writes code in this language. You interact with it in plain English. But the safety guarantee is mathematical, not behavioral. This is what lets us offer the first AI hacker you can actually point at production systems. $999/yr - full platform for security professionals Enterprise (from $60,000) - on-premise deployment with your own AI models You can get your free demo here: c7-security.com/cerberus Happy to answer anything in the comments: the type theory, the language design, how we handle edge cases, or how this compares to other AI pentest tools on the market.

Report

3d ago

Ichiba AI

Scope question: does this cover prompt-injection and context-manipulation attacks, or is it authorization-boundary focused? Those are very different security problems.

Report

2d ago

Cerberus

Maker

@ichiba Hi, thanks for the question.

It covers all kinds of attacks that may lead the AI hacker to do unsanctioned (out of scope) actions, because we mathematically model the scope of penetration testing.

For example, you might have allowed only testing of *.yourdomain.com subdomains and disallowed DDoS attacks. Any program code that will attempt to launch an attack to something else outside of *.yourdomain.com or would start a DDoS attack won't pass type checking and will be caught off during compilation.

Report

1d ago