Skip to main content
XOR
[GITHUB APP]

Automated Vulnerability Patching and PR Review

Automated code review, fix generation, GitHub Actions hardening, safety checks, and learning feedback. One-click install on any GitHub repository.

Book a demo
[GITHUB APP]

Automated vulnerability patching and PR review

OutcomeCVEs patched automatically. Every PR carries a pass/fail verification report.

MechanismXOR reproduces the vulnerability, generates a fix, verifies it works, and opens a PR with the evidence attached.

ProofEvery PR carries a pass/fail report — tested against a verifier XOR wrote for the bug.

Book a demo

Issue → Fix → Pull request → Learn

Point XOR at a bug or vulnerability. It creates a branch, generates a minimal fix, adds tests, and opens a pull request. Results feed back into the agent harness so future fixes improve. Triggered by @xor-hardener on an issue or PR.

What Happens on Each PR

Every agent-generated PR gets a pass/fail verification report — tested against the actual vulnerability. The report is attached as a PR comment. You merge or iterate.

Cost Tracking

Every verification shows cost per fix. Dashboard tracks total spend. See agent cost trends and ROI on verification.

How it fits in the platform

CVE-Agent-Bench tells you which agents pass. The GitHub App runs PR red-team checks and ships verified fixes into your repos with evidence attached.

What the GitHub App does now

CVE/GHSA to Autopatch PR

Triggered by @xor-hardener. XOR opens a PR with a minimal fix, adds or updates a failing test, and keeps CI green.

PR test report (evidence-linked)

One test report per PR: CVE/GHSA, patch diff, tests, CI links, and a pass or fail verdict.

Harden GitHub Actions (pin + least-privilege)

Pin actions by SHA and reduce workflow permissions per job. CI stays green.

Guardrail review (stop on low confidence)

XOR leaves inline review comments, flags risk, and stops when confidence is low.

Trace transparency

Every patch includes a

Verifiable Vibes

trajectory link.

Pricing

Open Source

Free

Unlimited patches for open source projects.

Enterprise Pilot

Contact us

90-day pilot. Custom SLA. Priority support.

Coming soon

  • Green-build autopatch (fix failing CI)
  • OSV dependency review to patch plan
  • Workflow permissions audit (least-privilege)
  • Repo controls to live evidence map

Install XOR GitHub App

One-click install on any GitHub repository. Free for open source.

Install on GitHub

When to use it

  • You want verified fixes merged with evidence attached
  • You need PR test reports for security sign-off
  • You are rolling out agents across teams and need consistent checks

FAQ

How do I install the GitHub App?

Click 'Install GitHub App'. Log in with GitHub. Select which repos to monitor. That's it. XOR will verify all agent code changes automatically.

What does the app do?

When an agent writes code, XOR runs verification tests. Results attach to the PR. You see pass/fail, runtime, and cost per fix in the comment.

Which agents are supported?

Any agent that commits code to GitHub: Claude Code, Codex, Gemini CLI, Cursor, or custom agents. No lock-in.

Is it free?

Free for open source repos. Enterprise plans include higher limits, custom test sets, and dedicated support.

[RELATED TOPICS]

Patch verification

XOR writes a verifier for each vulnerability, then tests agent-generated patches against it. If the fix passes, it ships. If not, the failure feeds back into the agent harness.

Automated vulnerability patching

AI agents generate fixes for known CVEs. XOR verifies each fix and feeds outcomes back into the agent harness so future patches improve.

Benchmark Results

50.7% pass rate. $4.16 per fix. Real data from 1,224 evaluations.

Benchmark Results

50.7% pass rate. $4.16 per fix. Real data from 1,224 evaluations.

Agent Cost Economics

Fix vulnerabilities for $4.16–$87 with agents. 100x cheaper than incident response. Real cost data.

Agent Configurations

9 agent-model configurations evaluated on real CVEs. Compare Claude Code, Codex, Gemini CLI, Cursor, and OpenCode.

Benchmark Methodology

How CVE-Agent-Bench evaluates 9 coding agents on 136 real vulnerabilities. Deterministic, reproducible, open methodology.

Agent Environment Security

AI agents run with real permissions. XOR verifies tool configurations, sandbox boundaries, and credential exposure.

Security Economics for Agentic Patching

Security economics for agentic patching. ROI models backed by verified pass/fail data and business-impact triage.

Continuous Learning from Verified Agent Runs

A signed record of every agent run. See what the agent did, verify it independently, and feed the data back so agents improve.

Signed Compliance Evidence for AI Agents

A tamper-proof record of every AI agent action. Produces evidence for SOC 2, EU AI Act, PCI DSS, and more. Built on open standards so auditors verify independently.

Compliance Evidence and Standards Alignment

How XOR signed audit trails produce evidence for SOC 2, EU AI Act, PCI DSS, NIST, and other compliance frameworks.

See which agents produce fixes that work

136 CVEs. 9 agents. 1,224 evaluations. Agents learn from every run.