FireFlySquid

@changyou17 哥，你用Opus 4.8还是Opus 4.7还是Opus 4.6挖漏洞？

AI-SRC-RCE #AI挖洞

@TammyBuilds Is it helpful on using Claude Opus for bug bounty?

someone with 6 months of experience just got paid $100,000 for a single bug bounty finding. i'm at roughly that same point in my journey and haven't found anything yet. no valid findings. no contest payouts. just months of studying, breaking things in practice environments, and slowly learning to read code the way an attacker would. on the days it feels pointless, a post like that is the thing that resets the perspective. because it proves the timeline isn't as long as it feels from inside the grind. 6 months is enough, if those months go into the right things. reading real code, not just tutorials. building the instinct, not just the knowledge. i don't know when my first finding comes. but i know it's closer than it was yesterday.

@AdamShao @BTX1791880 它是专们挖Web 2的安全漏洞吗？

@BTX1791880 可以

正式开源我的漏洞挖掘工具：flounders.xyz 这是一个基于 AI Agent 的全自动漏洞挖掘工作流，你只要告诉 AI 你要找什么项目的漏洞，它就会自动下载代码和文档，深度审计代码，发现可疑漏洞，自动在本地和线上验证漏洞，最后生成报告。 Alpha leak: 如果你有很多 AI token 用不完，你可以给 agent 一个 goal，让它去各大白帽平台搜索赏金任务，寻找漏洞，获得赏金。

@Blackstone0123 @OriginalSicksec @wld_basha 4.7 is better than 4.6 and 4.8?

@OriginalSicksec @wld_basha 4.7 also find vul u never imagine to be there lol

I've been testing Claude models with @wld_basha, and after multiple hacking sessions we've found something interesting: - Claude 4.6 consistently outperformed Claude 4.8 in our testing. - We pointed both models at the same target with the same context and instructions. In several cases, 4.6 identified vulnerabilities that 4.8 completely overlooked. - Small sample size, but so far 4.6 appears to be the stronger model for vulnerability hunting / hacking.

@yoursbyte it is better than Claude?

GLM 5.2 is the best bug hunter you can have Now its on you USE IT OR LOSE IT

@0xAshutosh @Tur24Tur @grok Is Grok better than Claude Opus 4.6 on offensive security?

@Tur24Tur @grok @grok is very smart

$300 → $99 for 3 months on SuperGrok Heavy. I claimed it. Not for the discount alone. I want @grok Build Beta in my daily workflow. 16x agents, heavy limits, early access. Let’s see if it keeps up with real offensive work.

@whoareme33 Big congratulations on this achievement! I just started my bug bounty journey. I wish I can be as talented as you! Can you share how you learnt the bug bounty skillsets? Thanks a lot

I earned a $22,500 bounty from Airbnb using a custom Opus 4.7 workflow built with MCP and Skills. It feels like bug bounty hunting has changed forever

@whoareme33 @musandinyoze Did you try Grok? Is Grok helpful in offensive security?

@musandinyoze Yep, I’ll probably share more in the future, but not right now 🙏 There are plenty of tools I’m thinking about releasing

@Tur24Tur @grok Can we say that Grok outran Claude on offensive security capability?

I set up an expert-level web security benchmark across the new Grok Build with Composer 2.5, DeepSeek V4 via Claude Code, and Claude Opus 4.8. The new @grok Build with Composer 2.5 solved it end to end in 1h 34m 32s, measured by the leaderboard from run start to flag submission. Each model got its own isolated copy of the same challenge on different local ports, with a unique flag per run. To get the flag, the model had to: bypass the Identity login with LDAP injection Abuse a recovery/audit endpoint as a prefix oracle Recover the real admin password use it to log in to a separate Vault app Find the vulnerable search API exploit NoSQL injection to reach the hidden record Extract the flag and submit it to the leaderboard Claude Code was progressing, but at the time of writing it is currently down with 529/socket provider errors. DeepSeek V4 via Claude Code also had instability/unknown client issues, so I’m not counting that run as clean yet. I’ll do another run when Claude is online again.