ProjectDiscovery Unveils Neo: AI‑Driven Autonomous Penetration Testing Platform at RSAC 2026
At RSAC 2026, ProjectDiscovery launched Neo, an AI‑powered, end‑to‑end autonomous penetration testing platform that integrates 30+ security agents, delivers verifiable exploits, and outperformed traditional scanners by finding 66 vulnerabilities—including 24 unseen by any other tool—in three AI‑generated full‑stack applications.
Product Release Background
ProjectDiscovery, the developer of the open‑source scanner Nuclei, has performed over 10 billion scans and serves more than 100,000 security professionals. After the company won the RSAC Innovation Sandbox competition in 2025, Neo was commercially released in 2026, extending Nuclei’s core technology with stronger automation capabilities.
Core Technical Features
2.1 End‑to‑End Automated Penetration Testing
Deploy the application to a test environment.
Authenticate across roles to exercise credential checks.
Build working exploits to validate impact.
Capture pentester‑level evidence and generate a complete report.
2.2 Integration of 30+ Security Agent Tools
Neo bundles more than thirty security agents that cooperate inside an isolated sandbox, allowing the platform to form hypotheses, test them, and close the loop like a human researcher.
2.3 Fundamental Differences from Traditional Scanners
Output: Traditional scanners list potential issues; Neo provides verifiable exploits.
Evidence Type: Traditional tools offer theoretical risk; Neo delivers reproducible PoC.
Testing Depth: Traditional scanners perform surface detection; Neo conducts end‑to‑end validation.
Coverage: Traditional scanners rely on known patterns; Neo uncovers logical flaws.
Benchmark Results
3.1 Test Environment
Three AI‑generated full‑stack applications representing banking, healthcare, and insurance sectors were used as test targets.
3.2 Test Findings
Neo identified 66 exploitable vulnerabilities, the highest count among all tested tools. Twenty‑four of these were missed by every other solution. Notable examples include:
Arbitrary refund vulnerability.
Deleted user retaining full application access.
Systemic password‑hash leakage via ORM relationship queries.
3.3 Open‑Source Project Validation
Scanning twelve popular open‑source repositories, Neo returned 22 confirmed CVEs, all reported through coordinated disclosure processes.
Customer Case
A publicly traded digital‑asset financial services platform conducted a proof‑of‑concept with Neo, achieving parallel coverage of API and payment flows without additional staff and accelerating the fix‑retest cycle using Neo’s replayable Proof Pack.
Market Significance
From discovery to verification: traditional tools only “find”; Neo also “verifies” exploitability.
From report to evidence: delivery shifts from a vulnerability list to a usable Proof Pack.
From manual to automated: over 30 coordinated agents simulate team‑level penetration testing.
Conclusion
Neo represents a milestone for AI applications in cybersecurity, offering deeper vulnerability discovery, faster verification cycles, and lower false‑positive rates.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Black & White Path
We are the beacon of the cyber world, a stepping stone on the road to security.
