Ricerca Security Co., Ltd. (Headquarters: Chiyoda-ku, Tokyo; CEO: Ren Kimura) has launched a 'Diagnostic Internalization Bootcamp' that enables companies to verify the effectiveness of AI-powered vulnerability assessments within their own environments.

This service is not intended for selling AI diagnostic tools or providing training. Instead, it allows organizations to evaluate, over five days, how effective AI diagnostics are and what kind of operational requirements are needed when applied to actual systems and operational environments, providing essential data for adoption decisions.

The service targets enterprises interested in AI diagnostics but with questions such as, 'Can it really detect vulnerabilities?' and 'What level of operational burden will it entail?'

Service-related Material Download

What Is the Diagnostic Internalization Bootcamp?

The Diagnostic Internalization Bootcamp is a hands-on program designed to evaluate whether AI diagnostics should be adopted, all within a five-day period.

This service has already been delivered to major corporate clients.

Feedback from participating customers includes:

- 'Extremely satisfied. The content exceeded our expectations.'

- 'It’s excellent to be able to systematically learn about AI, whose knowledge is often scattered online, in just five days.'

- 'The tool itself is highly accurate, and the more we understand its internals, the more sophisticated it feels.'

With this service, we conduct actual diagnostics on the customer’s environment while enabling them to verify:

- What types of vulnerabilities can be detected using AI diagnostics? - What level of operational burden will be incurred? - Is continuous operation feasible? - What kind of organizational structure would be required for implementation?

The mere output of vulnerability candidates by AI is not the goal.

We emphasize enabling participants to validate the findings, assess whether the identified threats truly require action, and take back a clear vision for sustainable operational integration.

Therefore, the number of detected vulnerabilities is not used as a success metric in this program.

Instead, the success criterion is:

'Being in a position to decide whether AI diagnostics should be adopted.'

Pricing starts at 2 million JPY (varies based on the scale of the target system), and the duration is five days.

Download Guide

We have prepared materials summarizing the service overview, implementation steps, and bootcamp content.

Even at the stage of wondering, 'Is in-house implementation possible for us?' feel free to access the materials.

Download materials here

Background: The Need for Internalizing Diagnostics

As cyberattacks grow more sophisticated, the importance of vulnerability assessments continues to rise each year.

At the same time, the shortage of cybersecurity talent is worsening, leaving many companies struggling to establish sustainable assessment frameworks. An outsourcing model—relying on external vendors for each assessment—is increasingly seen as limiting in terms of assessment frequency, cost, and response speed.

In this context, advancements in generative AI and AI agents are beginning to show significant potential for streamlining vulnerability discovery.

In 2026, Anthropic’s 'Claude Mythos' gained widespread attention for autonomously analyzing open-source software (OSS) and discovering numerous high-severity vulnerabilities. Additionally, the number of cases using general large language models (LLMs) for vulnerability discovery is growing, rapidly expanding AI’s impact on vulnerability detection.

However, real-world diagnostic operations require tasks such as filtering vulnerability candidates, eliminating false positives, and validating exploitability.

The ability of AI to identify vulnerability candidates is distinct from the challenge of continuously operationalizing those results. To extract only the most critical vulnerabilities from a large volume of candidates and integrate them into development workflows, operational design and triage mechanisms are essential.

We believe the gap between 'can detect' and 'can operate as a business process' represents the greatest challenge in diagnostic internalization during the AI era.

Independent, Proprietary Vulnerability Detection Beyond Model Dependency

The effectiveness of AI-based vulnerability discovery does not depend on specific AI models or their providers.

We had already detected vulnerabilities of the same type later discovered and publicized by Claude Mythos in 2026—using the earlier OpenAI o3 model (released April 2025) during internal testing (details published in a white paper).

Furthermore, during the development of our 'Harness' technology, we discovered real-world product vulnerabilities (previously undisclosed), such as CVE-2026-8913 in networking equipment and CVE-2026-5744 in QEMU. Our ability to achieve such results regardless of model generation or provider stems from our long-developed expertise in vulnerability discovery, systematically encapsulated as 'Harness'.

Barriers That 'Just Letting AI Handle It' Cannot Overcome

We often hear that fully automated diagnostics relying solely on AI hit the following barriers:

- Unable to proceed past login screens (cannot overcome authentication barriers)

- Ineffective tuning of exploration breadth (coverage) and depth, resulting in broad but shallow findings

Our bootcamp takes these challenges to the point of actual 'functionality'.

Moreover, participants will learn the 'triage mindset'—how to identify which AI-generated candidates are truly critical—enabling self-sufficiency even after adoption.

Future Outlook

Through this service, we aim to support realistic internalization of vulnerability assessments in the AI era.

Rather than treating AI adoption as an end in itself, we will support companies in establishing frameworks to conduct assessments internally and integrate them into development processes, contributing to the overall improvement of Japan’s cybersecurity posture.

Company Information

Ricerca Security is a professional offensive security team with service delivery experience for government agencies—including defense sectors—Fortune 500 companies, and clients worldwide.

Our team includes zero-day vulnerability discoverers, authors of cybersecurity books, security researchers with experience at top international universities and major research institutions, and finalists in competitions such as DEFCON CTF and Google CTF.

Company Name: Ricerca Security Co., Ltd.

Address: 5F GLORKS Suidobashi, 3-2-14 Kanda-Misakicho, Chiyoda-ku, Tokyo 101-0061

Established: December 4, 2019

CEO: Ren Kimura

URL: https://ricsec.co.jp/

Tech Blog: https://ricercasecurity.blogspot.com/

note: https://note.com/ricsec

Contact for This Matter

Ricerca Security Co., Ltd.

Email: contact@ricsec.co.jp

FACT BOX

  • Source: PR TIMES
  • Category: New Product
  • Organizations: Anthropic / OpenAI