Pinned Tweet
pashov
8.4K posts

@pashov
Security audits @PashovAuditGrp Angel investing @PashovCapital
Joined July 2022
1.9K Following 41.8K Followers

@pashov solidity-auditor - github.com/pashov/skills
@0xiehnnkta nemesis - github.com/0xiehnnkta/nem…
@p_tsanev plamen - github.com/PlamenTSV/plam…
@paradigm evmbenchmark - github.com/paradigmxyz/ev…
@trailofbits skills - github.com/trailofbits/sk…
trailofbits claude config - github.com/trailofbits/cl…
@CDSecurity_io - github.com/CDSecurity/cds…
aggregated resources:
github.com/pashov/ai-web3…
github.com/marchev/awesom…

Speaking of Agent Skills, any other good ones to add that also work nicely with Cursor? Would be nice to have some related to smart contracts & security.
Andrej 🦇🔊@andrej_dev
Introducing Chainlink Developer Agent Skills Chainlink Agent Skills are AI tools for building with Chainlink. Each skill teaches your AI agent how to code with a specific Chainlink product. One command to install Skills. Start prompting right away. Go build something awesome!

@pashov It's funny way way back (2021) I thought like "who's the most talented in the tech space?" Or "what job is the toughest?" I came to the conclusion that it's offensive security because you sort of have to know everything and be self reliant. So I made the decision to go that way

@pashov Love this perspective, the hunger to find what others miss is often more valuable than years of experience. I'm in that earlier stage, solid Solidity knowledge, some Rust, and want to build my track record through private audits. How do you typically onboard newer researchers?

@alexgulamova It's absolutely about motivation. Have you pushed yourself on an audit before?

@pashov It's not about motivation, it's about a fresh view. Newbies don't have stereotypes, haven't seen the same issues thousands of times in a row

@pashov Built my own audit methodology focused on eliminating false positives, and shadow audits have confirmed it works in practice.
Looking for a trial audit opportunity or even junior role at PAG where I can learn from senior auditors and contribute to securing real DeFi protocols.

@georgi91757 Emotional intelligence. Observe, instead of letting get taken over.

@pashov The "critically but not cynically" framing is the most underrated part. Watching myself learn, I notice cynicism creeps in around frustration, when something is hard, the easy emotional out is "this is broken" instead of "I don't understand this yet". Discipline!

Everyone is asking "what to do in web3 security in the AI era"
I've been observing multiple masters of web3 security and their AI usage. While everyone starts with just "summarise/explain the codebase", mostly everyone ends up building their own toolings.
Tools are usually vibecoded Python & Bash scripts plus Markdown files for the AI. It's packaged expertise. Why would you build such tools? Because they do in 1hr what you did before in 5 days or more.
Still, many of the great auditors are not all-in into AI. Many of the top 1% are using A LOT of AI, but their own judgement is still driving the car.
Whatever works - that's the right solution. You need to have the correct metrics, KPIs, Key Results or whatever you want to call them.
Measure rigorously, constantly and iterate. You must find more and better findings than others, faster. Do what works. Now go🫡

@pashov "Whatever works" is a good answer for the individual, but "whatever scales" is a great answer for the industry.
Where we are heading is at least 70-80% of smart contract bugs will be found via autonomous AI scans and human-AI hybrids find the rest (before blackhats).