As discussed in #1826 and #1760, the Node.js security triage team is under significant strain from the flood of AI-generated HackerOne reports.
Some friends of mine at Konvu have a tool that directly addresses this: Konvu Community. It takes an incoming report (H1 integration), spins up the vulnerable environment on AWS, runs the described exploit, and returns a triage verdict.
They ran a few historical public reports through it and results were good.
There would be no cost as Konvu is funding it for OSS projects and is planning to work with OpenAI on sponsored credits for this.
I discussed this with @mcollina on Slack and he suggested I open this issue. @hedi-cmd and @reasoningsec from the Konvu team are happy to answer questions here or jump on a call.