Hadrian releases OpenHack for AI vulnerability research
Hadrian has open-sourced OpenHack, an MIT-licensed, file-based workflow for AI-assisted source-code vulnerability research, the company announced in a Globe Newswire press release distributed on May 20, 2026. The release says OpenHack "works directly within Claude Code, Codex, and Cursor" and encodes a scenario-first review model plus independent triage to reduce hallucinated findings and self-graded results. According to Hadrian's announcement and supporting coverage, the team used a similar methodology to discover critical-severity flaws in open-source projects used by Dutch government agencies. Help Net Security and other outlets report that OpenHack stores durable state in plain files and ships a registry of 12 expert families aligned to OWASP and MITRE standards.
What happened
Hadrian announced the open-source release of OpenHack, a file-based workflow for AI-powered source-code review, in a Globe Newswire press release distributed May 20, 2026 and repeated in industry coverage. The press release states OpenHack is released under the MIT License and "works directly within Claude Code, Codex, and Cursor." The company's announcement also says researchers using a methodology similar to OpenHack found critical-severity vulnerabilities in open-source software used by Dutch government agencies. Help Net Security reports OpenHack keeps durable state in plain files such as cloned source, recon items, scenario prompts, scenario results, finding candidates, triage decisions, and logs.
Technical details
Help Net Security and the project documentation describe OpenHack as a set of agents and tooling that encodes Hadrian's workflow into a file-backed state machine. The reported workflow includes scenario-first scoping, explicit routing of recon items into scoped scenarios, expert agents that prove or reject scenarios, and an independent triage agent that validates candidate findings before they become recorded. The public registry referenced in coverage defines 12 expert families aligned to OWASP Top 10:2025 categories and MITRE mappings, and the system records an inspectable artifact trail for recon, routing, and triage.
Editorial analysis - technical context
OpenHack addresses two common failure modes for model-driven code review reported by Hadrian: unscoped prompts, which generate broad low-confidence outputs, and self-graded findings, where the proposing agent also adjudicates its own suggestions. Industry practitioners building agentized review pipelines often separate proposer and verifier roles and persist intermediate artifacts to reduce nondeterministic outputs and ease auditing. The file-backed, checkpointed design reported for OpenHack parallels other reproducibility-focused approaches, making automation results easier to inspect, reproduce, and integrate with human-in-the-loop approvals.
Context and significance
Public coverage frames OpenHack as an attempt to democratize a methodology Hadrian previously used in targeted research. Open-sourcing a complete workflow, rather than a single model prompt or wrapper, lowers the barrier for teams that want to experiment with LLM-assisted vulnerability discovery without bespoke orchestration. For security teams, the combination of scenario scoping, independent triage, and artifact persistence responds directly to documented weaknesses in naive "scan and list" prompts, which frequently produce false positives and hallucinations.
What to watch
For practitioners: adoption signals will include public reproductions and independent audits, such as community runs on deliberately vulnerable test apps. StackOfTruths and other early testers report that OpenHack found issues such as SQL injection and server-side template injection in example apps, results that will be worth verifying across varied codebases. Observe whether OSS maintainers and red-team communities integrate the registry of expert families, and whether major LLM providers or coding-harness vendors add first-class support for OpenHack's file-backed protocol. Also watch for discussion around operational safety, egress controls, and handling of sensitive source during automated runs.
Quote from the announcement
"In today's offensive security landscape, AI-powered vulnerability discovery must transition from being a research curiosity to a commodity capability," said Rogier Fischer, co-founder and CEO of Hadrian, in the press release distributed via Globe Newswire.
Bottom line
OpenHack packages a multi-agent, auditable workflow for LLM-assisted code review and ships it under an MIT License, enabling security practitioners and researchers to experiment with a scenario-first, triage-separated approach without building orchestration from scratch. Coverage to date combines Hadrian's press release with independent writeups that demonstrate early findings and detail the file-backed architecture.
Scoring Rationale
OpenHack is a notable open-source workflow that standardizes an LLM-driven vulnerability discovery pattern, lowering the barrier for experimentation. This matters to practitioners building automated security pipelines, but it is not a frontier-model or industry-shifting release.