We fixed ~100 security issues in 6 days with 0 humans

Ramp's security engineering team built a multi-agent pipeline that autonomously found, validated, and patched nearly 100 security vulnerabilities in their backend codebase in under a week, with no human involvement until PR review. The system used specialized detector agents for specific vulnerability classes (e.g., IDOR), adversarial manager agents to filter false positives (rejecting 40% of initial findings), a validator agent that wrote integration tests to confirm real issues, and a fixer agent that applied patches using test-driven development. The approach uncovered novel high-severity issues missed by penetration testing, bug bounties, and 10+ commercial scanning tools. The entire setup required only a four-hour hackathon and one week of work by a single engineer.

8m read time. From engineering.ramp.com