Autonomous Security Platform

Penetration Testing,
Powered by AI Agents

BugBunny deploys coordinated AI agents to perform reconnaissance, vulnerability discovery, proof-of-concept validation, and automated patch suggestions — continuously and at scale.

Autonomous testing begins immediately after you provide an authorized target

root@bugbunny — bash — 120×36 · PID 1337
root@bugbunny:~$
bugbunny v3.2.1 · agents: 12 · depth: full · mode: aggressive · ■ READY
10+ Published CVEs
9.8 Peak CVSS
90M+ Downloads at Risk
24/7 Continuous

See It In Action

Watch BugBunny Work

From target submission to validated findings — watch a complete autonomous security audit in under two minutes.

Capabilities

Enterprise-Grade Security Automation

Coordinated AI agents that adapt, persist, and validate — just like a real red team.

Automated Reconnaissance

Coordinated AI agents systematically map your attack surface — discovering subdomains, endpoints, and exposed services across your entire infrastructure.

$ bugbunny recon example.com
[RECON] Enumerating subdomains...
[RECON] 47 hosts discovered
[RECON] 312 endpoints mapped
[DONE] Attack surface mapped

Adaptive Vulnerability Testing

Context-aware testing agents that adapt their methodology to each target, from black-box web application testing to white-box source code analysis.

SQLi · XSS · RCE · SSRF · IDOR · Auth Bypass · Path Traversal · Deserialization

PoC Validation

Every finding is validated with a working proof-of-concept exploit, eliminating false positives and delivering audit-ready reports with CVSS ratings.

2 CRITICAL — RCE, SQLi
3 HIGH — XSS, SSRF
All PoCs Verified

PR Review & Patch Suggestions (Enterprise)

BugBunny reviews each Pull Request, identifies exploitable vulnerabilities in the diff, and suggests inline patches — turning every PR into a security gate.

// PR #247 — Add user profile endpoint
- const user = db.query(`SELECT * FROM users WHERE id=${req.params.id}`)
+ const user = db.query(`SELECT * FROM users WHERE id=$1`, [req.params.id])
[PATCH] Parameterized query prevents SQL injection (CVSS 9.8)


Track Record

Wall of Fame

BugBunny.ai has identified critical security vulnerabilities in production systems, resulting in official CVE assignments and responsible disclosures — the same detection capabilities available in your audits.

Vulnerabilities identified in production systems from leading technology companies

Google · Meta · Microsoft · React · ClickHouse · Qlib · Pug.js
Critical · CVSS 9.3
Improper Access Control

CVE-2026-27471

ERPNext Unauthorized Document Access via Missing Validation

BugBunny.ai discovered a critical access control vulnerability in ERPNext, a widely-used open source ERP system. Certain endpoints lacked access validation, allowing unauthorized users to access sensitive business documents including employee records, financial data, and invoices without any authentication.

ERPNext • Open source ERP
Responsibly Disclosed · View CVE →
High · CVSS 8.8
Remote Code Execution

CVE-2026-22807

vLLM auto_map RCE via Untrusted Dynamic Module Loading

BugBunny.ai discovered a high severity remote code execution vulnerability in vLLM where Hugging Face auto_map dynamic modules are loaded during model resolution without gating on trust_remote_code. This allows arbitrary Python code execution when loading models from untrusted sources.

vLLM • High-performance LLM serving
Responsibly Disclosed · View CVE →
High · CVSS 8.2
XSS

CVE-2026-21884

React Router SSR XSS in ScrollRestoration

BugBunny.ai discovered a cross-site scripting vulnerability in React Router's ScrollRestoration API during Server-Side Rendering. Unescaped JSON in inline scripts allows arbitrary JavaScript execution when user-controlled data is used in getKey or storageKey props.

React Router • @remix-run/react ≤2.17.2
Responsibly Disclosed · View CVE →
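The root cause described in this finding is state being serialised into an inline `<script>` during server-side rendering without escaping. The block below is an added example, not React Router's code and not BugBunny's, showing the standard mitigation: escape `<`, `>`, `&` and the U+2028/U+2029 line terminators inside the JSON before it is inlined, so that a value such as `</script>` can no longer terminate the script block. The function names, the `window[...]` assignment and the sample state object are assumptions made for illustration.

```javascript
// Added example (not React Router's or BugBunny's code): safe serialisation of
// state into an inline <script> tag during server-side rendering.
// Assumed names: serializeForInlineScript, renderStateScript, countScriptCloses.

// Characters that must never appear raw inside a <script> body: '<' and '>'
// can form "</script>" or "<!--", '&' guards against entity decoding in other
// contexts, and the Unicode line terminators broke JS string literals pre-ES2019.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// JSON.stringify only emits these characters inside string literals, so
// replacing them with \uXXXX escapes keeps the output valid JSON and valid JS.
function serializeForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) => ESCAPES[ch]);
}

// Render the hydration script. Both the global name and the state object may
// carry user-influenced strings (for example a storage key derived from the URL).
function renderStateScript(globalName, state) {
  return `<script>window[${serializeForInlineScript(globalName)}] = ${serializeForInlineScript(state)};</script>`;
}

// Vulnerable counterpart for comparison: raw JSON.stringify leaves '<' as-is.
function renderStateScriptUnsafe(globalName, state) {
  return `<script>window[${JSON.stringify(globalName)}] = ${JSON.stringify(state)};</script>`;
}

// Detection helper: a correctly rendered block contains exactly one "</script".
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample state: a storage key that tries to close the script early.
const SAMPLE_STATE = { storageKey: '</script><script>alert(1)</script>', scrollY: 120 };

console.log('unsafe render, "</script" count:', countScriptCloses(renderStateScriptUnsafe('__state', SAMPLE_STATE)));
console.log('safe render,   "</script" count:', countScriptCloses(renderStateScript('__state', SAMPLE_STATE)));
console.log(renderStateScript('__state', SAMPLE_STATE));
```

The escaped form round-trips: `JSON.parse` of the escaped string yields the original value, so nothing is lost on the client side; only the HTML parser's view of the script body changes.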
Critical · CVSS 9.8
Remote Code Execution

CVE-2025-61622

Python RCE via Unguarded Pickle Fallback in pyfory/pyfury

BugBunny.ai identified a critical deserialization issue in Apache Fory's Python modules (pyfory/pyfury) where unsupported object types fall back to Python's unsafe pickle loader. Crafted data streams from untrusted sources force the pickle fallback, enabling arbitrary code execution across affected versions (0.1.0–0.10.3 and 0.12.0–0.12.2).

Apache Fory • pyfory/pyfury serialization runtime
Responsibly Disclosed · View CVE →
Critical · CVSS 9.8
Account Takeover

CVE-2025-58434

Account Takeover (Local & Cloud) - Token Leak

BugBunny.ai discovered a critical vulnerability in flowise.ai that allows complete account takeover through token leakage affecting both local and cloud deployments. This vulnerability enables unauthorized access to user accounts and sensitive data through exposed authentication tokens.

flowise.ai • 43,000+ GitHub stars, acquired by Workday
Responsibly Disclosed · View CVE →
High · CVSS 7.6
Stored XSS

CVE-2025-59057

Stored XSS Vulnerability in React Router

React Router, a widely used routing library in the React ecosystem, is affected by a stored cross-site scripting (XSS) issue under specific input handling conditions. This may allow persistent script execution impacting application users.

React Router • 90 million weekly downloads
Responsibly Disclosed · View CVE →
Critical · CVSS 9.1
Path Traversal

CVE-2025-61686

Path Traversal in React Router File Session Storage

BugBunny.ai uncovered a path traversal issue in React Router's file session storage adapter. Crafted session IDs could escape the intended directory and overwrite arbitrary files on the host, impacting any deployment persisting sessions to disk. The maintainers shipped a fix and coordinated disclosure via GitHub Security Advisories.

React Router • 90 million weekly downloads
Responsibly Disclosed · View CVE →

Latest Discovery: CVE-2026-27471 – ERPNext Unauthorized Document Access via Missing Validation

All vulnerabilities are discovered through automated AI-powered security testing and reported through responsible disclosure

Workflow

How It Works

Three steps from target definition to validated, audit-ready security findings.

01

Define Your Target

Provide an authorized domain, IP range, or connect a GitHub repository. BugBunny validates the scope and begins immediately.

$ bugbunny scan example.com
02

Autonomous Agent Deployment

Specialized AI agents work in parallel — reconnaissance, vulnerability scanning, exploit development, and validation run simultaneously.

[RECON] 23 endpoints discovered
[SCAN] Testing OWASP Top 10
[VULN] SQL injection confirmed
03

Validated Findings & Reports

Receive audit-ready reports with verified proof-of-concept exploits, CVSS severity ratings, and step-by-step remediation guidance.

2 CRITICAL · 1 HIGH · VERIFIED

Pricing

Security Plans for Every Team

Scalable coverage from team-level testing to enterprise-wide security programs. Every plan includes validated findings with proof-of-concept exploits.

SOC 2 · ISO 27001 · HIPAA · GDPR-Ready · Zero Day / Zero Pay · Cancel Anytime

> RECON

Best for startups & dev teams securing their first apps

$499/mo

Continuous automated pentesting for your attack surface

Replaces a $4,000+ manual pentest — every month

Zero Day / Zero Pay — no vulns found, no charge
SOC 2, ISO 27001, HIPAA & GDPR-ready reports
  • 25 domain audits per month
  • 50 credits for AI follow-ups
  • Full-depth OWASP Top 10 + beyond scanning
  • Verified PoC exploits with CVSS scoring
  • Custom scan directives & depth control
  • GitHub repository integration
  • Compliance-ready PDF audit reports
  • Email alerts on critical findings
  • Priority support
  • Chrome extension access

> STRIKE (Most Popular)

Best for security teams & high-growth engineering orgs

$1,999/mo

Maximum-depth coverage with the highest detection rate

Replaces $20,000+/yr in manual pentesting engagements

Zero Day / Zero Pay — no vulns found, no charge
SOC 2, ISO 27001, HIPAA & GDPR-ready reports

Everything in Recon, plus:

  • 150 domain audits per month
  • 500 credits for AI follow-ups
  • Maximum scan depth & attack surface coverage
  • Highest vulnerability detection rate
  • PR review with inline patch suggestions
  • API access
  • Dedicated account manager

> COMMAND // MILITARY GRADE

Best for enterprises needing unlimited scale & custom SLAs

Custom

Military-grade vulnerability detection at scale

White-glove security program — replaces entire pentest teams

Contact Sales →
Zero Day / Zero Pay — no vulns found, no charge
SOC 2, ISO 27001, HIPAA & GDPR-ready reports

Everything in Strike, plus:

  • Unlimited domain audits
  • Unlimited AI credits
  • Military-grade detection depth
  • Zero-day class vulnerability research
  • PR review with inline patch suggestions
  • SSO / SAML authentication
  • Guaranteed SLAs & uptime
  • On-premises deployment option
  • RBAC & team management
  • Jira, Slack & SIEM integrations
  • Dedicated support & onboarding

Secure payments via Stripe · All prices in USD · Plans renew monthly · Zero Day / Zero Pay guarantee on all plans

Get Started

Ready to Strengthen Your Security Posture?

Deploy autonomous AI agents that continuously test your infrastructure, validate vulnerabilities with working exploits, and deliver audit-ready findings.

Launch Audit Console

Plans starting at $499/month · Enterprise plans available · Only test authorized targets

BugBunny.ai - Autonomous Penetration Testing Powered by AI Agents