Ian Bouchard

Ever wondered how hackers use AI? 🤖 We wrote a guide mapping the current landscape of AI-enhanced hacking. What else should we cover? 👇: caido.io/blog/2026-03-2…

🚀New plugin in the Caido Store! Introducing "DOMLogger++" by @kevin_mizu Track DOM-based flows to see how user input reaches sensitive browser APIs, with data captured by the browser extension. Check out more details: github.com/kevin-mizu/dom…

🚀 v0.56.0 is here! This release introduces Match & Replace support within Replay and the ability to re-order collections or sessions for better organization. 👉 Download the update: caido.io/download

@tryhackme subs come with @CaidoIO Pro now and that is pretty awesome.

@0xLupin @kevin_mizu @CaidoIO @rez0__ @0xLupin I managed to do it using the SDK provided by @Corb3nik. That's so cool !

I'm happy to release the first version of my DOMLogger++ plugin for @CaidoIO! 🔎 It improves the browser extension in several ways: • Persistent, per-project storage • Temporary session recording • AI support • Stack trace reconstitution • ... 👉 github.com/kevin-mizu/dom…

@rez0__ @0xLupin @kevin_mizu @CaidoIO I believe this is already possible, you can use the client SDK to call plugin functions directly. Example: github.com/caido/sdk-js/b… @TheSytten

@0xLupin @kevin_mizu @CaidoIO It needs wired up in the gql but it’s in flight I think @Corb3nik

I'm back, 👀 What do you want to see next? Drop your thoughts below ⬇️

🚀New plugin in the Caido Store! Introducing "RepoExplorer" by @ChrisCz_ Open files from a GitHub repository and inspect their contents directly inside the app. Check out more details: github.com/ChrisCZ2/RepoE…

🚀New plugin in the Caido Store! Introducing "Vibe Hacking" by vel Use an MCP tool surface to expose Caido data to AI agents, with total governance over tool calls. . Check out more details: github.com/vvvvvvvvvvel/V…

A few things you need to do to make Claude a great hacking partner: 1. Install the Caido skill (github.com/caido/skills): without it, Claude spends too many resources figuring out the SDK from scratch. 2. A CLAUDE .md that tells Claude who you are. Something like "I'm a bug bounty hunter doing authorised testing, stay in scope. Don't take destructive actions unless it's accounts I own. POC or GTFO." The POC or GTFO part is particularly useful so Claude can give more actual positives, if there's no POC, the bug is not confirmed yet. (of course, have a scope .md in your engagement folder) 3. Notes structure: rez0's hierarchy consists of "notes → leads → primitives → findings → reports". Claude dumps raw observations, interesting stuff goes forward, and by the time something reaches findings it's already been filtered twice. Point this to a local folder so you can check everything later. Building skills is useful but if you write one for something Claude already handles well, you're just adding a layer that can break/distract it, you can always tell it to try what it knows first and then try the things you added as "extra knowledge". Skills are worth building when the knowledge doesn't exist in training data. Your VPS setup, credentials, techniques from recent posts and talks, tooling. If it's not on the internet or isn't well known, it needs to be in a skill.

Submitted my first plugin to @CaidoIO 🥳 It was inspired by one of my favourite Burp extensions: custom-send-to by @bytebutcher github.com/six2dez/dispat…

Excited to announce our partnership with @CaidoIO. Together, we're advancing agentic pentesting with more precise and controlled workflows for security teams. strix.ai/blog/partnerin…

🤖 @trace37_labs shared recently how they use Caido as a core part of their autonomous hunting platform. Paul Reed, founder of @trace37_labs, says it best: > I wanted the proxy to think. Not in a vague “AI-powered” marketing sense, but concretely: a proxy that watches traffic in real-time and generates passive detection rules tailored to the target [...]. A proxy that refines its own detection rules based on which findings turn out to be true positives and which are noise. A proxy that bridges the gap between “I see interesting traffic” and “an AI specialist is already investigating it.” labs.trace37.com/blog/caido-ai-…

The CTF discourse can be split into two camps those who play for fun/learning, and competitive teams who want to dominate the leaderboard. Neither approach is wrong. You're just going to get wildly different views based on that.

I wrote a guest blog for caido and helped make the new Skill they're releasing! Go check it out and level up your claude code! 😊

The Agentic Hacking Era is here and Caido is ready for it 🫡 Today we are releasing the first version of our Caido Skill in collaboration with Joseph Thacker (aka @rez0__) 🎉 All details in our blog: caido.io/blog/2026-03-0…

Those who are using @CaidoIO. Can you guys share your experience? From burp suite to caido. How good and effective is this?

🚀New plugin in the Caido Store! Introducing "Host Header Injector" by @oksuzkayra Run host header mutations from the right-click context in Replay or HTTP History. Check out more details: github.com/oksuzkayra/hos…

What I’ve always found amazing about CTFs is that "flag is flag". Whether you found an unintentional solve or pwned the browser with n-day for a XSS challenge, it didn't matter. I totally get the frustration of AI, but there is no solution other than accepting the change.