{"id":82844,"title":"Asterisk: AI-automated Security team","tagline":"Automatically find, exploit, and patch security vulnerabilities across your digital assets with zero false positives.","body":"**TL;DR**: [Asterisk](https://asterisk.so/) is an AI โ€œhackerโ€ with the ability to find, exploit, and patch security loopholes across your digital assets. It does all of this with no user intervention and generates a report with zero false positives. ([example](https://demo.asterisk.so/?report_id=776e01e4-22a2-44bd-afc5-229ec115e1b1))\n\n![uploaded image](/media/?type=post\u0026id=82844\u0026key=user_uploads/629782/0cd6877d-6d46-4428-ae29-236edb91393e)\n\n# **The Problem**\n\n* Almost 95% of potential vulnerabilities raised by static security tools (SAST) are **false positives**, and security engineers spend a lot of time filtering them out.\n* Current security tech **cannot detect business logic bugs** - think of vulnerabilities like unauthorized access, privilege escalation, and bugs that would rack up your AWS/API bills.\n\n# **Solution**\n\n* **Verification:** Asterisk verifies a vulnerability by spinning up a sandbox, running the software being scanned, and attempts to exploit the bug. If Asterisk flags a vulnerability, you can be sure it's real.\n* **Context-aware Threat Modeling:** Asterisk understands your codebase and can thus emulate a malicious hacker by coming up with attack scenarios, like the recent CrowdStrike incident.\n\n# **Our Team**\n\nWe are [Mufeed](https://www.linkedin.com/in/mufeed-vh/), [Asjid](https://www.linkedin.com/in/asjidkalam/) and [Vivek](https://www.linkedin.com/in/123vivekr/). All of us have a background in security research and systems engineering.\n\n![uploaded image](/media/?type=post\u0026id=82844\u0026key=user_uploads/629782/4120e7a5-43bf-4fa1-9352-699f902b32c9)\n\n**Mufeed**: represented ๐Ÿ‡ฎ๐Ÿ‡ณ at WorldSkills CTF, ๐Ÿฅ‡ medalist - IndiaSkills CTF, ๐Ÿฅ‰ medalist - BRICS Skills CTF\n\n**Asjid**: ๐Ÿฅˆ medalist - IndiaSkills, ex-security research engineer at Emirates National Bank (UAE)\n\n**Vivek**: ex-distributed systems/platforms engineer at Chorus One (one of the biggest POS validators)\n\nOur team has helped secure Google, Mastercard, Okta, Nvidia, Microsoft, etc. We are also the team behind [Devika,](https://github.com/stitionai/devika) the open-source alternative to Devin with over 18K stars on GitHub.\n\n# **Our Ask**\n\nIf you're looking for a **complete security audit** of your digital assets or want to talk about anything security, email us ([hello@asterisk.so](mailto:hello@asterisk.so)) or book a demo ([asterisk.so/demo](http://asterisk.so/demo)).","slug":"LYC-asterisk-ai-automated-security-team","created_at":"2024-08-08T07:20:52.225Z","updated_at":"2026-05-25T03:29:30.062Z","total_vote_count":205,"url":"https://www.ycombinator.com/launches/LYC-asterisk-ai-automated-security-team","share_image_url":"https://www.ycombinator.com/media/?type=post\u0026id=82844\u0026key=user_uploads/629782/4120e7a5-43bf-4fa1-9352-699f902b32c9","company":{"id":29750,"name":"winfunc","slug":"winfunc","url":"https://winfunc.com","logo":"https://bookface-images.s3.amazonaws.com/small_logos/758cce64094ba9a7250a8b613b368074620a74f5.png","batch":"Summer 2024","industry":"B2B","tags":["Artificial Intelligence","SaaS","B2B","Security","AI"],"search_path":"https://bookface.ycombinator.com/company/29750"}}