Deriv Swarm Automates AppSec, OffSec

This looks less like a “fully autonomous hacker” and more like the right security workflow finally getting agentized: orchestration, validation, and reporting are split across specialized agents instead of crammed into one model.

• –HAL acts as the control plane, taking targets from Slack or CI/CD and dispatching the right security skills
• –John, Sade, and Harry separate static analysis, live exploitation, and bug-bounty triage, which is the cleanest way to reduce blind spots
• –The 18-minute first pass shows why agentic security can outpace manual point-in-time pentests on fast-changing systems
• –False positives are the real bottleneck, so the internal-HackerOne-training and cross-confirmation loop matters more than raw agent autonomy
• –The biggest takeaway for teams shipping LLM agents is operational: if prompts, tools, and permissions change daily, security has to become continuous too