Win S

125 posts

@WinS447348

Joined May 2025
55 Following 4 Followers
Win S retweeted
MiloTruck@milotruck·
Chat we might actually be cooked youtu.be/1sd26pWhfmg
Recommend watching regardless of whether you believe in the capability of LLMs, it's always good to keep up with the current SOTA
I always knew what LLMs were capable of, but it never really hit home until recently when I went to a CTF and everyone was just prompting Codex
Meedas Sahoo@MeedasSahoo·
8.2 LAKH CRORE. Yes, read that again. ₹8.2 LAKH CRORE to be borrowed when crude oil has barely touched $100. Now remember The same people who are struggling today were mocking Manmohan Singh back then, when he was navigating far worse conditions with Crude at $120 - $140. And yet, he held the economy steady without any noise, chest thumping or PR spectacle He navigated the 2008 global crisis. He handled the oil super cycle. He managed the taper tantrum. And most importantly, he did it without making ordinary Indians feel the shock. Because his focus was simple. Stability. Clarity. Foresight. He governed to protect people, not to perform for headlines. Fast forward to today. Lower crude prices. More resources. More control. And still, RECORD BORROWING. Visible stress. No clear direction. The same people who mocked him are now struggling to manage far easier conditions. That is the difference. One governed with depth & responsibility. The other survives on optics. History has a way of correcting narratives. And when it does, it will remember this clearly. History will indeed be kinder to Dr Manmohan Singh 🙏
Bloomberg@business

India will borrow 8.2 trillion rupees ($86.5 billion) in the first half of the financial year beginning April 1, around half of the amount scheduled for the full 12-month period, the government said in a statement Friday. bloomberg.com/news/articles/…

Win S@WinS447348·
@hrkrshnn My boi hari, building ai competing with Claude, but still missing bugs.
Hari@hrkrshnn·
We've been building an AI hacker and what's possible right now is already beyond my own wildest imagination. This is going to be an insane year for cybersecurity and we're going to see hacks left and right. If you have data or money worth protecting, start defending it today.
Mario Nawfal@MarioNawfal

🚨LEAKED: ANTHROPIC BUILT AN AI SO GOOD AT HACKING THEY'RE AFRAID TO RELEASE IT... A data leak just revealed Anthropic is testing a new model called "Claude Mythos" that they say is "by far the most powerful AI model we've ever developed." The leak happened when draft blog posts and internal documents were left in a publicly accessible data cache. Fortune and cybersecurity researchers found nearly 3,000 unpublished assets before Anthropic locked it down. The model introduces a new tier called "Capybara," larger and more capable than Opus. According to the leaked draft: "Compared to our previous best model, Claude Opus 4.6, Capybara gets dramatically higher scores on tests of software coding, academic reasoning, and cybersecurity." Here's where it gets interesting. Anthropic says the model is "currently far ahead of any other AI model in cyber capabilities" and "presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders." In other words, it's so good at hacking that they're worried about releasing it... Their plan is to give cyber defenders early access first so they can harden their systems before the model goes wide. Anthropic blamed "human error" in their content management system for the leak. Also exposed: details of an invite-only CEO retreat at an 18th century English manor where Dario Amodei will showcase unreleased Claude capabilities. Source: Fortune

Win S retweeted
LonelySloth@lonelysloth_sec·
After many tests around LLM use in bug hunting, and taking into consideration all my experiences/study in AI in the past few months I arrived at some conclusions. And I'll make some predictions:
1. Every new model will be followed by a wave of new bug findings in a short time that will get people very excited. Followed by a period of very few findings.
2. Those waves will get smaller and smaller, until basically there's no improvement.
3. The reason isn't that the code is becoming bug free -- it's because the % of bugs that **can be found** by LLMs is quite small.
Why?
1. The model has no idea how the code works -- you can catch it making ridiculous statements about the code all the time.
2. It has no idea how the EVM works either -- it misrepresents basic facts about the EVM all the time.
3. The way it finds bugs is basically hallucinating credible-sounding exploits. If there is a bug and it is typical enough, sometimes the hallucination matches reality.
4. Even very easy, very typical bugs, can be missed if slightly obscured.
5. Matching the actual threat model is hard so the severity is basically a random guess most of the time.
6. You can improve all of the above in two ways:
6.a. Make extensive prompts/skills telling exactly what it should look for. You just turned the supposedly generic auditor into a (very expensive and slow) static analyzer!
6.b. Force it to PoC and retry repeatedly, enforcing success conditions. This turns it into a (very expensive and slow) fuzzer!
You can combine both for better results.
7. It's useful but it is still just a static analyzer + fuzzer. An incremental expansion on the existing state of the art tooling. When you don't know what tools to use or don't have time to find out, they will be very useful -- and that's maybe a lot of value -- but it doesn't change the nature of what's going on.
8. People telling you it's doing what an auditor does, replaces humans, yadda yadda yadda -- they are either clueless, deluded, or deliberately misleading.
9. BTW humans hunting for bugs don't just try to look for known bug patterns -- the known bug patterns are compiled from findings by humans **who actually understood how the code works** and found the bug without anyone telling them what they should be looking for. That's the "research" part in Security Researcher.
10. Most of the known patterns were discovered independently by multiple SRs sometimes years before becoming public knowledge. Sometimes it becomes public knowledge after a black hat discovers it and steals millions (you probably don't want to be the target of that research!)
11. Any human or machine that keeps just trying to match known patterns against code bases will miss **A LOT** of bugs.
12. Finding bugs is crazy hard. Writing bug-free code is even harder. There is no silver bullet. AI isn't magical. Nor is it "automating human cognition".
13. Life is always unfair. More so in a bear market.
14. If you think someone will hand you on X a solution so you can find bugs easily OR so you don't have to spend a lot of effort/money on securing your code... Well, things are not gonna work great for you.
Win S@WinS447348·
@0xpessimist Well, it's a good plan until the next bull run, but things change pretty much faster.
pessimist@0xpessimist·
If the process regarding my three pending bug reports ends badly, I may take a break from bug bounty work -- either until the bull market starts to come back or until the number of AI spammers decreases and project teams start to act more ok towards bug bounty hunters again. This is something I do in my spare time and the treatment I've recently experienced suggests it may not be worth it (at least around these times). I hope my unresolved reports are ultimately handled fairly so that I won't feel the need to take such a break. It's heartbreaking to see that every bug bounty hunter goes through this rn. I'd also like to thank the project teams who consistently remain professional, respect bug bounty hunters and their work, and care about timelines -- simply for doing what should be normal.
DadeKuma@DadeKuma

Inspired by ily2, I temporarily paused private audits to focus fully on bug bounties a month ago. My results so far:
- Submitted 4 High + 1 Critical. All valid, 100% signal.
- 2/5 were duplicates. Zero payout.
- 2/5 were closed as "Informative". The reasons:
  - "We already know and are OK with it." No fix, no payment.
  - The other one was a straight-up scam lmao. Fixed with no pay; reasoning was "behavior is considered by design." I can't say much, but it would've resulted in a permanent protocol DoS and locked funds.
- 1/5 Critical passed triage, pending review...
I'm going to keep grinding for a while.

Win S retweeted
Uddalak@ninja_writer21·
> grew up in rural india (beyond tier 3)
> didn’t speak proper english until i was 17–18
> family survived on $110/month, had high debt with high interest
> people almost barged into our home to kill all of us in a property dispute (couldn’t break a door)
> dad faced countless murder attempts in the same property dispute
> only school in a far area was run as a charity by another school because the founder thought rural kids deserved good education; their family kept running this after the founder’s death (fee was $10, btw)
> bullied in school for being weak (easy target) and introverted (didn’t complain)
> my state was overrun by communists and armed militants
> interviewed for a waiter position, got rejected
> figured out the internet, landed on linkedin to start freelancing
> turned my life around, rebuilt our home, paid off the entire debt, traveled to a few countries, bought everything my family wanted, have a car and bike
> there’s still so much more I want to do
no one is coming to save you, keep fighting and keep moving forward (eren yeager mindset)
@cessonmute

give me your survival arc

Win S retweeted
m4rio@m4rio_eth·
It’s a privilege to work. I cannot express how happy I am to be able to work.
Win S retweeted
riptide@0xriptide·
if you approach a codebase with the mindset that there are no bugs there will be no bugs and you will quit pro tip
Win S@WinS447348·
@raopreetam_ @QuillAudits At this point he will make all the people do free excel work for him, indians are famous for free labour
Preetam | QuillAudits 🥷@raopreetam_·
We’re looking for 4-5 Security Audit Interns at @QuillAudits academy who don't just "read" code, but break it. The Stack: Solidity, Rust, Move. Nice to have: Hands-on experience with Testing & Fuzzing (Foundry, Echidna, Medusa). This is an unpaid 3-month internship designed as a high-octane trial. Perform well, and you’ll be fast-tracked into a Full-Time Auditor role. If you think like an attacker and build like a defender, let's talk
Win S retweeted
Miilato@miiilato·
trying to fix my sleep schedule but the world is so nice and quiet from 12 to 5 am
Win S@WinS447348·
@LuxLode should make an open source list of bad judges, can skip those contests.
lodelux@LuxLode·
After going through some bad judging experiences, I've started to decide on which contest to participate also in respect with which judge will be appointed for that particular contest. Especially for long contests like this one, which I decided to join largely because the judge is @AifosSi which I admire and respect, and know for sure that he tries 100% his best and also tries to be as fair as possible. It's really frustrating to dedicate weeks if not months of work and efforts and end up getting an unfair or superficial treatment, on the contrary whenever I had interesting technical engagements with judges it felt great even if the final outcome was not in my favor. It's time that we start appreciating good judges (and maybe shame bad ones?)
SHERLOCK@sherlockdefi

A new bug bounty contest by Sherlock is coming for @0xfluid DEX v2! Starts Monday, January 19 at 15:00 UTC 30-day contest $200,000 USDC in rewards if at least 1 High / Critical is found If you enjoy reviewing high-level code where the stakes are real, mark your calendar.

Win S retweeted
Justin Skycak@justinskycak·
You are capable of becoming way more skilled than you think. So don't get lazy, don't make excuses, don't waste your time looking for hacks to succeed without skill. Just do the damn work, work smart (efficiency) and hard (volume), and reap the reward. You have so much potential, even if you don't think so yourself. Just get the ball rolling on your skill-building, stick with it seriously and consistently for months. You will begin to see yourself transform, and you will begin to understand that you have lots of potential.
ₕₐₘₚₜₒₙ@hamptonism

your laziness is disrespectful for the people who believe in you :

Hari@hrkrshnn·
We wanted to ship a fully self-serve version of our autonomous bug hunter around early February: connect your GitHub, pay for credits, sit back, relax, and wait for bugs. But we realized, testing in the last 4 weeks, the tool is able to find live critical bugs putting a lot of funds at risk (in 11 figures). We're doing a sweep of every important project we can find and disclosing the bugs our machine is finding. In parallel, a few of our customers are getting to pilot the tool and getting weekly scans of their codebases as they are shipping new features. One team recently saw a bug that surprised them and now wants to scan all their deployed contracts for any live bugs. With these AI tools, it's all about being able to show value as soon as possible. A critical bug in the product is often that moment. I'll never forget that moment myself, as someone who thought a few years ago that AI security tools were just hype.
Win S@WinS447348·
@hrkrshnn I think you are all set to be the next billionaire with your hunter
Hari@hrkrshnn·
Our autonomous bug hunter found a compiler bug. This one hits differently.
Win S@WinS447348·
@StackDhruv It's a scam they are going to drain all your funds through that demo project.
dhruvieiei@StackDhruv·
Just landed a remote job offer $50–75/hr for 25 hrs/week Demo before the final interview. Interview tomorrow. Big day 🚀
Apurva Jain@apurvajain24·
What crypto did for me in 2025? - 2BHK Flat: $27K - iPhone 16 Pro Max: $1.5K - A Plot: $23K Total $50k+ assets, Zero inheritance, 100% crypto money. All After Tax Airdrops. Trading. Conviction. Patience. Meanwhile, most Indians married to NIFTY - SENSEX Calling crypto a "scam" while their returns rot. We’re not early anymore. You’re just late and too comfy to admit it. Wake up in 2026.
Win S@WinS447348·
@0xaudron @phrack That cantina guy keeps spamming to make things closed source and get audited by him.
0xaudron@0xaudron·
Lately my feed is full of AI based posts, vibecode, shitposts, ragebaits. Miss that old time where engagement was driven by quality content - deep dives, checklists, analysis threads. We need something like @phrack for web3 security. That's how you grow the craft. Is there a community left where people actually explain technical things instead of chasing clicks?