OPEN LINK ↗
// 56d agoNEWS
Deriv Swarm Automates AppSec, OffSec
Deriv describes a multi-agent security system that handles source code review, web app pentesting, AI-agent pentesting, and bug bounty triage. In a grey-box test, the first phase finished in 18 minutes and surfaced six issues, including three critical findings.
// ANALYSIS
This looks less like a “fully autonomous hacker” and more like the right security workflow finally getting agentized: orchestration, validation, and reporting are split across specialized agents instead of crammed into one model.
- –HAL acts as the control plane, taking targets from Slack or CI/CD and dispatching the right security skills
- –John, Sade, and Harry separate static analysis, live exploitation, and bug-bounty triage, which is the cleanest way to reduce blind spots
- –The 18-minute first pass shows why agentic security can outpace manual point-in-time pentests on fast-changing systems
- –False positives are the real bottleneck, so the internal-HackerOne-training and cross-confirmation loop matters more than raw agent autonomy
- –The biggest takeaway for teams shipping LLM agents is operational: if prompts, tools, and permissions change daily, security has to become continuous too
// TAGS
deriv-offensive-security-swarmagentautomationtestingcode-reviewself-hosted
DISCOVERED
56d ago
2026-04-01
PUBLISHED
56d ago
2026-04-01
RELEVANCE
8/ 10
AUTHOR
shantanu14g