Chitos: From Detection to Proof — An Autonomous Security AI That Actually Exploits
Blog post from HuggingFace
Chitos, developed by VIDRAFT, is an autonomous security AI designed to bridge the gap between vulnerability detection and proof by actively demonstrating exploits. Unlike static analysis tools, Chitos uses a three-phase pipeline: it starts with static analysis to identify potential threats, then engages in autonomous research using web searches to verify these threats, and finally performs live attacks on authorized targets to provide concrete evidence of vulnerabilities. This approach mitigates the common issue of false positives by ensuring each finding is substantiated with proof, rather than mere suspicion. Chitos operates on VIDRAFT's Darwin-398B-JGOS model, known for its multi-hop logical chaining capabilities, and offers features such as dynamic reasoning and live process streaming for vulnerabilities like SQL injection and cross-site scripting. The tool emphasizes responsible use, requiring users to have ownership or explicit authorization to test target systems, and supports safe practice environments for testing without legal concerns.