A security firm found that many widely available tools used to detect the Heartbleed vulnerability, may give companies a “false sense of security.”

On Monday, Adrian Hayter, a pen tester at London-based CNS Hut3, revealed that many of the tools have bugs themselves, which result in false negative test results.

Specifically, Hayter discovered three bugs while testing against different server configurations – issues related to servers that don’t support TLSv1.1 or TLS cipher suites, and another problem where downloading server responses during testing timed out due to sluggish connections.

In the test, 13 out of 15 Heartbleed detection tools, including those from Metasploit, Nmap and McAfee, failed to detect impacted services.