master's picture

master PRO

fantos

·

AI & ML interests

None yet

Recent Activity

upvoted an article about 2 hours ago

Chitos: From Detection to Proof — An Autonomous Security AI That Actually Exploits

reacted to SeaWolf-AI's post with 🤯 about 2 hours ago

🐯 Chitos — The Security Scanner That Actually Proves It Most security scanners hand you a suspect list and walk away. That gap between detection and proof is where attackers live — and it's exactly the gap that Chitos was built to close. Chitos is the successor to Mythos, a static analyzer built for quick code health checks. Mythos was good at pattern matching — spotting dangerous sinks, mapping CWEs, producing readable reports. But static analysis has a structural ceiling. A rule that sees eval(user_input) can tell you that looks dangerous. It cannot tell you whether the input is reachable, whether sanitization three layers up covers this path, or whether there's a live exploit chain for your exact framework version. Chitos was built to answer those questions. 🔍 Phase 1 applies 50 language-agnostic rules across Python, JavaScript, Go, Java, C/C++, Rust, PHP, YAML and more — covering injection sinks, deserialization gadgets, credential leakage, broken crypto, and prototype pollution. Every candidate is re-verified before reaching the report. Findings that can't be substantiated are excluded, not handed to you as noise. 🔬 Phase 2 dispatches an autonomous web-search agent to hunt live CVE databases, exploit advisories, and public PoC repositories. It formulates hypotheses, verifies them, and synthesizes a structured threat narrative. This phase needs a user-supplied Claude API key — Phases 1 and 3 run entirely free. 🎯 Phase 3 is where Chitos diverges from everything else. Against targets you own or are authorized to test, it fires real payloads — XSS, SQLi, path traversal, command injection — mutates on block, captures hard evidence, and connects every proven finding into a kill-chain showing which vulnerabilities to remediate first. No installation. No account. No code sent to third-party APIs. Article: https://huggingface.co/blog/FINAL-Bench/chitos Try it now 👉 https://chitos.vidraft.net

liked a model 14 days ago

FINAL-Bench/Darwin-398B-JGOS

View all activity

Organizations

fantos 's datasets 4

fantos/Metacognitive

Viewer • Updated Feb 21 • 100 • 169

fantos/DataScience-Instruct-500K

Viewer • Updated Nov 2, 2025 • 26.2k • 154

fantos/agent-data-collection

Viewer • Updated Nov 2, 2025 • 225k • 293

fantos/Toucan-1.5M

Viewer • Updated Nov 2, 2025 • 1.65M • 30