Fetching from the wire…
Public story · 2026-03-15 · source-backed
XBOW — a fully autonomous AI pentesting agent that has ranked at or near the top of HackerOne's leaderboard for over a year — is publicly credited with finding CVE-2026-21536, a CVSS 9.8 RCE in Microsoft's Devices Pricing Program cloud service. First time an autonomous agent gets a critical CVE credit at a major vendor. The Hacker News
Each link below shares sources, entities, or timing with this story.
Microsoft criticizes Claude Code / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft criticizes Claude Code); both cover CVE, CVSS, Microsoft, RCE; overlapping topics (agent, critical, microsoft).
Microsoft criticizes Semantic Kernel / Shared entities / Shared topic / Earlier coverage
Linked by a graph relationship (Microsoft criticizes Semantic Kernel); both cover CVE, CVSS, Microsoft, RCE; overlapping topics (agent, microsoft).
Microsoft competes with Google / Shared entities / Same source domain / Shared topic / What happened next
Linked by a graph relationship (Microsoft competes with Google); both cover CVE, CVSS, Microsoft; reported by the same outlet (thehackernews.com).