Oege de Moor
@oegerikus
Followers
5,285
Following
595
Media
24
Statuses
1,281
CEO and founder of XBOW. Previously: Founder of GitHub Next, founder of GitHub Copilot, CEO and founder of Semmle (GitHub Advanced Security), prof at Oxford.
Joined October 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#baystars
• 136741 Tweets
#CDTVライブライブ
• 116512 Tweets
日本シリーズ
• 107180 Tweets
#giants
• 64786 Tweets
横浜優勝
• 59143 Tweets
航空管制官
• 46606 Tweets
フルサイズ
• 44006 Tweets
ジャイアンツ
• 42813 Tweets
クライマックスシリーズ
• 32815 Tweets
プロ野球
• 26867 Tweets
リーグ優勝
• 25766 Tweets
ソフトバンク
• 23045 Tweets
勝ち越し
• 21280 Tweets
CSファイナル
• 19656 Tweets
#THEMC3
• 18907 Tweets
メジャー
• 14618 Tweets
横浜さん
• 14169 Tweets
キャプテン
• 13592 Tweets
ドラフト
• 13552 Tweets
ホークス
• 13333 Tweets
オースティン
• 13231 Tweets
ハマスタ
• 13181 Tweets
#あなたが1番見たいAぇLIVE
• 11205 Tweets
スガコバ
• 10972 Tweets
ヘルナンデス
• 10688 Tweets
Pinned Tweet
At the RSA conference in May, I asked every CISO whether they’d use an AI web pentester if it matched a skilled human. They said: “Ha, ha! That’d be amazing! See you in five years!”
It’s here now.
XBOW is the world’s first fully automated web pentester.
It previously scored an unprecedented 75% on renowned web pentesting benchmarks from
@PentesterLab
and
@PortSwigger
.
So we decided to give it a harder challenge: competing against humans.
26
54
323
7
22
89
Take your test pilot for a spin: GitHub Copilot Labs now comes with a test generator, that creates and refines tests!
@GitHubNext
63
583
4K
I quit GitHub. I’m proud of GitHub Copilot and GitHub Advanced Security (previously Semmle). Leading the creation of these products was exhilarating. 1 / 3
40
32
994
In my team at GitHub, we'd like to study examples of "nefarious commits" in open source, which introduce a bug on purpose. Can you point me at such commits? Could it have been detected by analysing the committer's behaviour as well as the code change itself?
37
227
704
Also thanks to our collaborators at OpenAI and Microsoft, with whom we built GitHub Copilot - really the first large scale example of the usefulness of LLMs, which opened the world's eyes to the value of AI. 3 / 3
3
6
228
Can't remember that shell command? GitHub Copilot CLI has the answer. It's obviously a huge time saver for us all. What are you waiting for?
14
43
225
14
44
203
Proud and humbled to lead the incredible team that created this: . We worked closely with the brilliant folks at OpenAI, and the VS Code team moved mountains to enable inline suggestions. Thanks all!
8
31
198
Nothing really prepared me for being a founder. Not even having done it before! But this spring Sequoia Arc helped me articulate the story of
@xbow
, and work through the key questions with like-minded experts and founders. It’s a game-changer! Join now:
Join Arc to accelerate your company building journey, while saving over $2M with access to exclusive benefits.
12
12
91
4
47
116
Thank you, from the bottom of my heart, to the teams at
@Semmle
and
@GitHubNext
! It’s been amazing working with you, who are so brilliant and kind. I’ll eagerly follow what you build over the coming months and years. Hopefully we’ll work together again in the future. 2 / 3
2
3
138
My dad gave me a Pascal compiler for my birthday in 1981. It opened a new world. A few decades later, I started building stuff on open source - another watershed moment. Today, we’re launching GitHub Copilot, an AI pair programmer. This is the big one: .
3
28
100
I founded a new company:
@xbow
. XBOW brings AI to offensive security, augmenting the productivity of pentesters, bug hunters and security researchers.
4
17
80
945 days ago, on April 15, 2021, we first demoed GitHub Copilot to
@satyanadella
. It was the dawn of the age of Copilots. Where shall we be in 945 days from now?
Copilot will be the new UI for both the world's knowledge and your organization's knowledge, but most importantly, it will be your agent that helps you act on that knowledge. Here are highlights from my keynote today at
#MSIgnite
.
173
647
3K
4
12
76
In GitHub OCTO, we run skunkworks projects to change the way software is built. Come join us! We have two open positions on my team.
@githubOCTO
(1/4)
1
36
59
The GitHub Copilot team is on fire. When we imagined the Coding Oracle back in 2020, we could only dream about "Copilot Workspace"... and now it's here!
4
5
56
Everything I’ve done before has led up to
@xbow
- my work as a prof at Oxford, founder of Semmle / GitHub Advanced Security, and founder of GitHub Copilot:
2
2
56
@GitHubNext
is a unique team. They’re researchers, but they build. They’re specialist experts, but they collaborate. They are totally open-minded, and focussed on delighting users. You might find such a team in a nimble startup, but they’re at GitHub, deftly using its resources.
2
3
55
One of the great joys of life is to work with the best. I’m bursting with joy to build
@xbow
with
@nicowaisman
,
@thewunderalbert
, Andy Rice, Aqeel Siddiqui, Brendan Coll,
@moyix
,
@djurado9
,
@ewanmellor
, Johan Rosenkilde,
@niemand_sec
, Thomas Bolton, and
@frussterix
!
3
10
51
I didn’t expect to take external seed investment for
@xbow
. However, when
@kostabuhler
and
@laurenmhreeder
reached out on Xmas eve, we quickly discovered a common purpose, mapping out a path to change offensive security for good. Sequoia Capital is leading XBOW’s $20M seed
3
10
51
Sequoia took a bet on
@xbow
before it was clear the technology could be built. Thank you!
Earlier this year, we partnered with
@oegerikus
as he and his team builds
@Xbow
. The company brings start-of-the-art software and AI technology to the traditionally services heavy penetration testing market. This week,
@Xbow
unveiled that they matched the performance of a human
18
56
208
2
2
50
On my way to GitHub Universe - our team (which also brought you GitHub Copilot) will launch mind-blowing fireworks. I’m most excited, however, about seeing many of my teammates in person.
@GitHubNext
4
1
45
#GitHubNext
has openings for machine learning researchers, ideally with experience in LLMs and/or code generation. Products not papers, over 94M users for your work, awesome team . Sounds good? Send me a DM!
1
32
41
The future of coding: a spoken conversation! I'm so proud of this brilliant work by the team at
@GitHubNext
. Try it for yourself.
Yesterday, we (
@GitHubNext
) released a new update to
#HeyGitHub
. It includes two new features that I've worked on:
* Hey, GitHub! can now generate and execute commands in the VSCode terminal.
3
17
86
3
10
43
Hello Las Vegas, hello BlackHat and DefCon! I want to talk to you about AI for offensive security. DM me.
@Xbow
1
1
40
Just love this example of variant analysis with
@semmle
QL, for a class of seed vulnerabilities in Windows, identified by
@tiraniddo
of Project Zero. How lucky we are to be working with
@_strohu
of
@msftsecresponse
!
#VariantAnalysis
0
16
33
"Hey, GitHub!" What's next? Code by talking, that's what's next, without using a keyboard.
#GitHubNext
1
2
33
Come dream with us at
#GitHubNext
, and make those dreams real! We're recruiting for ML research engineers.
Every single project on is a programmer's dream. I'm so excited for when these go live!
2
9
93
1
5
32
It was such a wrench to leave
@GitHubNext
, but a man’s gotta do what he’s gotta do. And I gotta do
@xbow
.
2
0
30
Good morning, Oxford! I am so excited for the day ahead. But I won't tell you why... yet!
@GitHubNext
1
1
27
GitHub moves as nimbly as any startup. New ideas are hatched in
#GitHubNext
, and brought to preview. When they find product-market fit, the whole org goes all-in to bring them to GA.
1
6
28
Years in the making, now hitting the prime time at GitHub Universe: code as data! Cannot wait to see what you all will do with it - try it now.
Query your code to find and fix vulnerabilities with CodeQL.
Now free for open source and academic research.
#GitHubUniverse
8
252
803
0
3
25
0
2
25
Exactly! Offensive security is a perfect use of LLMs. Manically creating exploits, leveraging hallucination as a feature.
If there was ever a perfect application of AI to
#cyerbsecurity
, it is pen testing -- something each software organization has been throwing human time and effort into. The software of
@Xbow
, a
@sequoia
company, now does it better and faster than humans.
2
1
25
0
1
25
So proud to see CodeQL continue to grow and flourish! So grateful it is in good hands! This is what we dreamt about when we started it in December 2006.
🚀 CodeQL zero to hero part 3: Security research with CodeQL! Learn how to audit applications for vulnerabilities with CodeQL, tricks we can use for security research workflow, and how to find bugs in thousands of GitHub repos at once using MRVA.
2
31
112
0
2
23
Thrilled to share my personal reflections on GitHub Copilot at the IECT summer school in Austria, and meet everyone there!
@IECT_HH
1
4
23
At XBOW, we believe all claims must be presented with objective proof. So here are the web security benchmarks we used to evaluate our own system. Let us know what you think!
We are now making our validation benchmarks public! We invite you to test your skills or systems against them and share your results with us. Read more in our blog post:
1
10
53
0
3
22
Super excited to share more about GitHub Copilot! Thanks for the opportunity to give this talk at the Microsoft Research Summit.
0
3
22
What an incredibly energising GitHub Universe it has been. I loved meeting friends old and new, and learning so much from you all. But also, now happy to be back home in Malta!
0
1
21
Semmle secures the software that runs the world. Thrilled to announce
@SemmleInc
's Series B, led by
@ping_accel
and
@vas
of
@Accel
, with participation by
@fendien
@jerseejess
of
@Work_Bench
. Great new case studies at : Microsoft, NASDAQ, and more!
1
9
21
Bye, Oxford! I learnt so much, we made so much progress, with that thing I'm not telling you about...
@GitHubNext
4
1
20
Absolutely thrilled to have Brendan Dolan-Gavitt (
@moyix
) of
@NYUniversity
and
@XBOW
as our second keynote for
#FUZZING
'24 in Vienna!
Brendan's keynote will be followed by a 45min discussion on challenges and opportunities of LLMs and fuzzing for bug finding.
1
8
39
0
3
20
Peer into the future of developer tools with this magic show by
@kdaigle
. But don't be fooled - the magic is all real, here and now, made by
@GitHubNext
.
Tomorrow at 3:30 PM PT, it's time to show you the experiments and ideas from the workbench of
@GitHubNext
! Watch as I demo the future of software development TODAY via a bunch of live demos.
#GitHubUniverse
4
10
48
0
7
20
@ericabrescia
Thanks
@ericabrescia
! I so much enjoyed working with you, and I learnt a lot. Those learnings will help do it all over again, but bigger and better!
1
0
20
Let me talk you through a blind SQL injection, as found and exploited by
@xbow
. Full trace at
1
4
20
Work with the best.
I am seeking an apprentice.
Requirements are:
•High IQ, high EQ
•Love for tech and capitalism
•High agency and low ego
•Taste
•Discretion
•A working cringe detector
•Instinct for narrative
•Strong writing ability
•Risk tolerance
•Immaculate vibes
•High-functioning
415
187
3K
1
0
19
So glad we're finally working together! For one thing, now you can tell us how to do it better before it goes out :D And yes, it was hilarious you used CodeQL to assess the security of Copilot outputs!
2
0
19
We love having you here
@fjserna
! Let's build the greatest open security team together, and help everyone share their security expertise!
1/3 Following my Google departure news from last week, it is with great pleasure to announce I joined
@Semmle
as their Chief Security Officer. My duties not only cover protecting corporate assets but also building a world class open source security research team.
52
33
247
1
3
18
Semmle QL in action $95K in bounties for bugs found by
@mmolgtm
: Google Patches More High-Value Chrome Sandbox Escape Vulnerabilities | via
@SecurityWeek
0
4
19
Do you love doing cutting-edge R&D in dynamic analysis, instrumentation or runtime verification? Then this is the job for you: (2/4)
2
10
17
Awesome results by
@helie_jean
on objectively measuring code quality with : . Here's one nugget I love: GitHub stars and quality score are highly correlated, for all languages. Try it now on your own repo!
@lgtmhq
@SemmleInc
@github
0
12
16
@ashtom
@GitHubNext
The leaders at
@github
(
@natfriedman
,
@ashtom
,
@kdaigle
) deserve far more recognition for enabling
@githubnext
to tinker, build and grow! They saw the future, and created an environment where research ideas turn into products in months, not years.
0
0
15
Have you heard Paganini play the violin? No? Here's your chance to see Pavel Avgustinov play QL! See the virtuoso write beautiful and useful queries, and learn how to do variant analysis of your own.
Want a technical deep dive into recent Ghostscript
#exploits
? Join our webinar "How to find type confusion vulnerabilities in Ghostscript" with
@pavgustinov
on July 24.
0
3
9
2
3
15
Microsoft's code analysis expert Michael Fanning explains how they're using
@SemmleInc
QL for DevSecOps: . Brilliant stats there: in one assessment, 3X more vulnerabilities found with
@SemmleInc
QL!
#SemmleQL
1
10
15
In an enterprise software startup, and not in the Work-Bench community? You're missing out BIG time!
We have so much gratitude & excitement to share our
@Work_Bench
$47M Fund II with the world.
Read more from
@jerseejess
and me about how we're rethinking enterprise VC:
💯 IT to VC team
🏢 Deep F500 network
💰 Help enterprise startups close customers!
16
14
114
0
2
14
2/7 “Code as data” truly goes mainstream, and will now be available to 40M developers on GitHub!
1
2
15
Could not have had better partners on this journey! Indeed, many of the *massive* starter deals came through
@Work_Bench
. And so much sage advice, thanks
@fendien
to you and the entire team!
What a journey w/
@oegerikus
+
@Semmle
!
-We first met in 2012 during my Morgan Stanley IT days
-Reconnected in 2014 when they expanded to NYC
-
@Work_Bench
invested + proudly witnessed Semmle close *massive* deals, many through our F500 intros
-Next up:
@natfriedman
&
@github
!
1
1
35
0
2
14
Same. Mind-blowing. A little scary.
I genuinely would not have believed you if you'd told me just a few months ago that an agent could do a CBC padding oracle attack – that's probably the hardest crypto attack I teach in offsec. And yet, it hacks
4
9
107
0
2
14
And thanks to my former GitHub team who brought Copilot to life (with OpenAI and Azure):
@thewunderalbert
,
@alexgraveley
,
@AqeelSiddiqui
,
@davecheney
,
@devonrifkin
,
@eaftandilian
,
@eleganesh
,
@johanrosenkilde
, Max Schaefer. Let's do it again, but bigger and better!
1
2
14
Docs are for answering your questions! So GitHub Copilot reads the docs, and you can have an intelligent conversation in plain English to find what you need. An experiment by
@GitHubNext
, we’d love to hear what you think!
0
5
14
@idangazit
Take a break
@idangazit
! You moved mountains for the Copilot X launch, it's time to relax. I'm so grateful for all the things you did for
@GitHubNext
, and for the companionship as we grew it. Hopefully we can work together again in the future.
1
0
13
@brian_lovin
Thanks, Brian! I loved working with you. Remember that video with a mock demo, of an AI with a chat UX for coding, that you and I made in August 2020? It just took two years for the technology to catch up with the vision...
0
0
13
1/4 - How accurate are long-term projections for Covid-19? Here is a small experiment with three models: CovidSim from Imperial, CovaSim from IDM, and ModelingCovid from Stripe/Stanford:
@IDMOD_ORG
@MRC_Outbreak
2
3
13
Bug hunters don’t always need to reinvent the wheel. They research vulnerabilities online, and adapt known exploits to the situation in hand. I find it thrilling to see
@xbow
do that too - check the detailed workings for yourself!
Can’t find a working PoC? No problem, says XBOW—and it proceeds to read 22,000 words’ worth of GitHub issues to understand the vulnerability before writing its own exploit. Check out the trace:
0
7
33
0
1
12
Hello
@defcon
! We need to talk about AI for bounty hunting. Join us at 2:30pm on creator stage 4, room 222, to hear from
@djurado9
and
@niemand_sec
of
@xbow
.
@BugBountyDEFCON
1
4
10
7/7 Thanks to everyone on the Semmle team. What a magnificent recognition, and what a wonderful opportunity for us all! Looking forward to many more years of securing software together.
3
2
12
@HamelHusain
Thanks
@HamelHusain
, for the kind words, and for the inspiring discussions about the potential of machine learning, everywhere in GitHub. Was that really only two years ago?
1
1
12
Loving the energy of
#GitHubUniverse
! Please come say hello at the
#GitHubNext
table, and see more cool demos!
1
0
1
0
3
12
Thanks Kelley! You and everyone else at the
@Work_Bench
have been a tremendous help to Semmle. Fellow founders, if your company is in enterprise software, you *must* work with
@Work_Bench
: their community and network is beyond incredible.
a lot of big security news coming from
@github
today
but most importantly,
@Semmle
is joining them!
it's been a fun ride with
@oegerikus
and the team. they've hired amazing talent like
@fjserna
.
excited to see what's next!
0
1
8
0
3
12
Interested in , code as data, security, AI, data science and machine learning on code? Let's meet up at GitHubUniverse!
@SemmleInc
is hiring!
Step into the jungle by visiting our interactive hangout at
#GitHubUniverse
this week. We have TShirts and Stickers to give away, and are giving two presentations at the demo booth. Plus our competition is still going until the end of the month!
1
3
7
0
3
10
Many congrats,
@eaftandilian
and team. What a fantastic milestone! Cannot wait to use it.
0
2
11
Thanks
@fendien
! At
@semmle
, we have the magic combination:
Great investors (
@Work_Bench
,
@Accel
), great team (
@fjserna
,
@kolofsen
), awesome technology, and great customers (Google, Microsoft, Uber, ...). It's a delight and pleasure to work with them all.
Stoked for this world class hire to join
@oegerikus
and team
@Semmle
!
Can't wait to see his impact on an already incredible product + mission
0
0
8
1
3
11
A great find by
@mmolgtm
of the Semmle security team! Google Awards $40,000 for Chrome Sandbox Escape Vulnerabilities | via
@SecurityWeek
0
2
11
Nico! I always wanted to work with you again after Semmle, so glad we're building this company together!
An unexpected privilege of working at XBOW is having the opportunity to work with
@niemand_sec
,
@djurado9
,
@frussterix
,
@moyix
,
@ewanmellor
,
@_mrbbot
and of course with
@oegerikus
.
3
3
21
0
0
11
Today
@niemand_sec
and
@djurado9
of
@xbow
are talking at 2:30pm at
@BugBountyDEFCON
! Can't wait to see you all there!
With
@djurado9
, we'll be discussing our validation benchmarks and results at
@BugBountyDEFCON
in
@defcon
!
Join us to learn more about it! 😊
"Leveraging AI for Smarter Bug Bounties"
📅 Saturday, Aug 10
🕝 2:30pm
📍 Creator Stage 4
We can’t wait to see you there!
0
1
19
0
10
11
Good idea! Or just have
@xbow
collect bounties for real....
This looks interesting, they should play CTFs every weekend and see how high they score!
0
1
12
3
0
11
Hopefully we'll see many more of these benchmark sets! At
@xbow
, we're already hard at work on our next set of benchmarks, which will be yet more realistic and challenging.
These validation benchmark have been critical for us to verify our assumptions and continuously increment our results.
We are hoping with this release to contribute to the community!
0
1
8
0
1
11
Thanks, we think so too! More at Astonishing work by the incomparable
@dsymetweets
and others in
#GitHubNext
.
.
@github
... prbot is ridiculous insane.
CoPilot is inside your PRs... it's straight up suggests what code changes you should do, and gives you a PR that you can review, pull and see if it.. just worked.
#GitHubUniverse
🤯
16
67
739
1
3
11
4/7 remains available and free for open source. Try it on your own projects, and let us know how it works for you!
1
4
11
Did you know? It's the second year running that
@k_cieslak
's work features in the
#GitHubUniverse
keynote. And it gets better every time! So glad to have him on the team at
#GitHubNext
.
It’s
#GitHubUniverse
today 🤩
The new project that I’ve been working on for last couple of months will be featured in the opening keynote… so don’t forget to tune in at (and don’t be late)
0
2
19
0
2
11
Such an awesome project by
@wattenberger
,
@AqeelSiddiqui
@devonrifkin
@eaftandilian
@irina_kAl
@jakedonham
and
@mplappert
.
it's been an absolute joy spinning up Copilot for Docs this past month, to explore the question:
"What would it feel like to have an expert on hand?"
12
51
363
0
4
10
Are you a whizz in throwing together innovative UIs for developer tools? We’d love to talk to you about it! (3/4)
1
3
10
A pair programmer is someone you can ask to help, just by talking. GitHub Copilot experiment by
@GitHubNext
, we’d love to hear what you think!
0
5
10
Every PR should come be covered by tests! GitHub Copilot checks whether tests are there, and if not it will suggest new tests for you. An experiment by
@GitHubNext
, we’d love to hear what you think!
0
2
10
Remote code execution in Apple's packet-mangler, found by
@kevin_backhouse
at
@SemmleInc
. How does he crank out all those 0-days? With elegant queries over code! It is a power suit for security researchers: .
@lgtmhq
#macOS
#HighSierra
#vulnerability
#RCE
0
6
9
Congrats,
@niemand_sec
! I'm honoured and mighty happy to be your colleague at
@xbow
!
Amazing
#H1702
event by
@Hacker0x01
!
Together with
@lean0x2f
and kcho, we won the Exterminator award for
@EpicGames
🙌. Also honored with the Exterminator award for the entire event.
Huge thanks to
@Hacker0x01
,
@EpicGames
, and
@tiktok_us
for hosting such an incredible event! :)
5
3
76
2
2
10
Does code review improve code quality? If so, is it better to have every individual do more reviews, or to have more reviewers?
@TomBolton10
of
@SemmleInc
has the answers, with a careful analysis of the data on
@github
and
@lgtmhq
:
0
5
9
Plenty of cool stuff to do at
@SemmleInc
, with big practical impact! Come join the fun. Office locations in San Francisco, New York, Seattle, Copenhagen, Valencia and Oxford. Drop me a note to discuss the possibilities.
If you liked the talk by
@oegerikus
at
@ECOOPconf
#ECOOP18
: we're hiring! Join our team to build deep semantic code analysis for security research. . Internship applications welcome too!
0
2
1
0
1
9
Here
@shankuniyogi
explains the big picture of our security strategy at GitHub, and how
@semmle
is a natural part of that strategy. It's such a good fit!
This post from
@shankuniyogi
does a great job of outlining our end-to-end approach to developer security at GitHub:
0
28
76
1
0
9
Stoked to see GitHub Advanced Security going from strength to strength!
So many amazing announcements today. GitHub Advanced Security is making it easier than ever to fix security vulnerabilities with our new code scanning autofix feature. Now when you introduce a vulnerability in your PR, we'll provide you a fix inline.
1
1
4
0
1
9