OpenHack is an open-source security agent designed to identify and verify software vulnerabilities using open-source reasoning models. It addresses the limitations of traditional security scanners by focusing on logic-based vulnerabilities that pattern-matching tools often miss, and it aims to reduce false positives through end-to-end verification with working exploits. The platform is positioned as a cost-effective solution, claiming to operate at up to 40 times lower cost compared to proprietary and frontier-model security agents.
The tool offers both a command-line interface (CLI) and a broader platform experience. Users can install the CLI via pipx and initiate scans on any codebase without configuration files or setup wizards. js, Django, Flask, Rails, Express, and FastAPI, and provides validated findings with proof-of-concept exploits. The tool also enables users to apply one-click fix pull requests based on its findings.
OpenHack’s platform incorporates features like deep context ingestion, automated threat modeling, and business impact scoring. It analyzes codebases, infrastructure, authentication flows, and business logic to build comprehensive threat models. Findings are prioritized based on actual business impact and exploitability in the user’s specific deployment, rather than generic scoring systems. Every identified threat is validated with a working proof-of-concept exploit to minimize noise and focus on actionable results.
Benchmark data presented by OpenHack shows its performance on real-world vulnerability sets and the CVE-Bench benchmark, demonstrating both detection rates and accuracy against other tools. The platform is fully open source, provider-agnostic, and exclusively uses open-source models, allowing for unrestricted scanning and validation. OpenHack is suitable for security engineers, developers, and organizations seeking to improve vulnerability detection and verification in their software projects while maintaining cost efficiency and transparency.
The tool is available as an open-source project, with installation instructions and source code accessible via GitHub. It does not require proprietary licenses or subscriptions, emphasizing accessibility and flexibility for a wide range of users.
OpenHack sits in PulseGate's Security & compliance platforms category. It focuses on automating the detection and verification of software vulnerabilities using open-source AI models for security teams and developers. OpenHack is an open-source project aimed at security engineers and developers. The project is open source (Open Source). The product ships for the command line, and it can be self-hosted.
openhackai builds and maintains OpenHack, and the product first shipped in 2026. Across PulseGate's embedding index, OpenHack has few near neighbours, marking it as relatively distinct. Among its 5 catalogued features are vulnerability detection, exploit verification, and open-source models.
Latest indexed changes and source events
openhackai/OpenHack discovered by the PulseGate indexer
Other apps tracked under the same category.