- Published on
We gave our autonomous pentesting agent, KLUE, one real engagement against a mature open-source codebase and 2 hours 43 minutes on the clock. It came back with six CVE-assigned vulnerabilities, including a chained second-order SQL injection and a template injection that reached a shell. This is the annotated reasoning trace.