By Will Knight
Publication Date: 2026-01-14 19:00:00
Vlad Ionescu and Ariel Herbert-Voss, co-founder of cybersecurity startup RunSybil, was briefly confused when her AI tool Sybil alerted her to a vulnerability in a customer’s systems last November.
Sybil uses a mix of different AI models – as well as a few proprietary technical tricks – to scan computer systems for problems that hackers could exploit, such as an unpatched server or a misconfigured database.
In this case, Sybil reported an issue with the customer’s deployment of federated GraphQL, a language used to specify how data is accessed via application programming interfaces (APIs) over the web. The problem meant that the customer accidentally revealed sensitive information.
What puzzled Ionescu and Herbert-Voss was that identifying the problem required a remarkably deep knowledge of several different systems and how they interact. RunSybil says it has since discovered the same problem in other implementations of GraphQL – before anyone else made it public: “We…