ack3

316 posts

ack3 banner
ack3

ack3

@ack3ai

AI-native cybersecurity audits and tools | Creators of @WakeFramework | Ethereum | Solana | Infra ▮

EVM Katılım Ocak 2022
1.5K Takip Edilen10.1K Takipçiler
ack3
ack3@ack3ai·
Fine print: 2 verdicts still pending; 16 known issues carry a severity rating. We'll correct in-thread if anything shifts. If you run frontier models on production audits, does your overlap look different? ▮
English
0
0
4
224
ack3
ack3@ack3ai·
Why this lineup: GPT-4.6 and Fable 5 are out, but they aren't enabled for cybersecurity work. These three are the newest that are. And newer ≠ better: Opus 4.7 out-discovered Opus 4.8, 36 vs 30.
English
1
0
4
354
ack3
ack3@ack3ai·
One production audit, three frontier models: Opus 4.7, Opus 4.8, GPT-5.5. Same scope, findings validated by humans. Different models discover different bugs. By how much?
English
10
3
21
2.3K
ack3 retweetledi
Wake
Wake@WakeFramework·
1/ LLM performance is not uniform across programming languages: it tracks training-data representation, and Solidity sits at the low-resource end. In 2026, the strongest agent evaluated detects 45.9% of real Solidity vulnerabilities; LLM-written Solidity tests are 2–4.6% correct. The evidence:
English
1
1
4
714
ack3
ack3@ack3ai·
Across every audit, one category dominates our criticals: logic errors — 43% reentrancy — 2% and logic errors are where humans still win over AI. Let AI grind the known patterns, humans hunt intent.
ack3 tweet media
English
6
3
45
2.5K
ack3
ack3@ack3ai·
The best devcontainer for auditing is
English
3
0
8
1.5K
ack3
ack3@ack3ai·
@raopreetam_ @pashov FP rate is hard to evaluate at this scale + we focused only on highs and criticals. Would be great if you share your benchmarks as well (this measurement is also a side product of our internal AI benchmark)
English
0
0
1
70
Preetam📍NYC 🇺🇲
Preetam📍NYC 🇺🇲@raopreetam_·
@0xTomass @pashov We benchmark AI on our own audit pipeline too. Findings-per-dollar is the wrong axis on its own; what are the FP rate and the critical recall for each? On real client scopes, we'll take fewer findings with near-zero false positives over a longer list we have to manually triage
English
1
0
0
67
ack3
ack3@ack3ai·
We just spent $644 to benchmark @pashov with Opus 4.7 MAX: Opus 4.7 — 48/94 found · $2.18/finding Pashov skill — 49/94 found · $11.01/finding Same model underneath, 5× the spend for one extra finding. Anyone having similar results? Dataset in comment.
pashov@pashov

🚨Ethereum Developers: you can now install your first AI Auditor in 1 minute - fully autonomous, available 24/7, with multiple sub-agent helpers. Open Source. FREE to use (with your AI model) and already finding vulnerabilities in smart contracts. Link below🫡

English
21
6
119
22.8K
Kirill Balakhonov
Kirill Balakhonov@balakhonoff·
Which harness do you use guys? It impacts the results a lot! We’ve just tested our Nethermind AuditAgent vs Claude Code with Opus 4.8 - the result is - Pretty much the same Precision ~56% - Two times lower recall ~28%, which means our specialized agent finds two times more correct security issues
English
1
0
0
146
Akash
Akash@akashjana__·
@0xTomass any chance this year’s School of Solana will have a stronger focus on security and auditing? I would love to see that
English
1
0
0
60
ack3
ack3@ack3ai·
@lonelysloth_sec @pashov open to suggestions for a better dataset that a) has verified all findings (recall), b) is public (reproducibility)
English
2
0
0
448
LonelySloth
LonelySloth@lonelysloth_sec·
@0xTomass @pashov All those competitions are in the training data. So you're actually testing recall, not bug finding.
English
4
0
21
1.1K
ABDul Rehman
ABDul Rehman@TheTradMod·
@0xTomass @pashov Were the 49/94 bugs that the Pashov skill caught the same as Opus's 48/94 bugs? Also, what about false positives? Who had more of them?
English
3
0
3
727
ack3
ack3@ack3ai·
Q4 2025 was our wake-up call. We benchmarked current models on unpublished audits. Our auditors: 31 findings. Our AI system: 35 findings. We won't ship a manual review without AI again. And we won't ship AI without a human. The gap to the attackers is the AI system we develop. HUMAN + AI: ZERO HACKS · '26 HACK SEASON ▮
ack3 tweet media
English
7
0
14
2.7K
ack3
ack3@ack3ai·
The future if every white hat got early Mythos access 0 HACKS / 104 AUDITS ▮
ack3 tweet media
English
0
0
4
538