XBOW says GPT-5.5 lifts white-box pentests
XBOW’s April 23, 2026 blog post argues that GPT-5.5 is a real step up for offensive security workflows, not just another incremental model bump. Using XBOW’s internal benchmark of real, previously found vulnerabilities, the company says GPT-5.5 cut miss rate to 10% from GPT-5’s 40% and Opus 4.6’s 18%. The standout claim is that GPT-5.5 already beats older models even in black-box mode, and in white-box testing it effectively overwhelms the benchmark. XBOW also says the model logs in faster, fails faster when access is blocked, and is better at deciding when to persist versus pivot.
Hot take: this reads less like model hype and more like a concrete signal that agentic pentesting is getting operationally useful, especially when source code is available.
- –XBOW’s framing matters: they measure full offensive workflows, not isolated prompt tasks.
- –The biggest claim is the black-box vs. white-box gap collapsing in GPT-5.5’s favor.
- –The “persist or pivot” behavior is probably the most practical improvement for real security automation.
- –If these numbers hold outside XBOW’s benchmark, this could change how teams think about automated pentest coverage.
DISCOVERED
4h ago
2026-04-27
PUBLISHED
7h ago
2026-04-27
RELEVANCE
AUTHOR
elemental-mind