Bitsec | Bittensor Subnet 60 τ

171 posts

@bitsecai

An ecosystem for AI powered code vulnerability detection

Joined May 2024
29 Following · 2K Followers
Bitsec | Bittensor Subnet 60 τ retweeted
Mariuszek (@sobczak_mariusz)
The Nerds hosted an AMA with @yubrew from $TAO subnet 60 @BitSecAI, and the first thing you need to know is that John is banned from casinos. He was an advantage blackjack player, single deck, and got escorted out by eight security guards. Gus called him Rain Man, and the name stuck.

@bitsecai came from a real problem. Three years ago, one of John’s team’s smart contracts had an exploit that cost them $200k. He later used the ChatGPT 3.5 API, spent around $1,000 in inference, and found that same exploit. That was the origin story.

The problem @bitsecai is going after is obvious but massive. Security is getting worse, not better. AI-generated code is brittle. Supply chain attacks are increasing. Human auditors can’t scale, and the amount of code being created is exploding. John frames this as a $300B+ per year security problem.

Anthropic reportedly spent $20k-$100k per codebase running Mythos, and the curl team confirmed one low-severity finding. @bitsecai's pitch is they can do similar work at 5-10% of the cost and faster. You don’t have $100k and you’re not Twitter friends with Dario? Run BitSec weekly or monthly instead.

John actually thinks Mythos helped them. It pushed AI security into the mainstream. Even three of his non-tech neighbors asked him about it. The awareness is finally there, and that makes the sales conversation much easier than it would have been six months ago.

The subnet runs agents against codebases to find exploits, with the focus on detection. The important distinction is that subnet and production are not the same thing. The subnet is constrained: 30-minute runs, known codebases, open-source models, one agent. Production is much heavier. They run 100M+ tokens per project, stack multiple agents, and sometimes let it run for days. The output is a vulnerability report with file, line number, exploit chain, economic impact, references, and a summary the client can actually use.

On traction, they have three paying customers, one in evaluation, and two more in the pipeline. John said this happened without really trying, which is probably the biggest bull case and the biggest warning at the same time. The inbound is there, but they now need the sales and operational muscle to handle it.

Lead-to-client conversion takes one to two weeks. Get repo access, scan it, show the client a critical exploit, and the conversation changes. If the code is open source, they can scan it before the bad guys do. Critical bugs can be worth $100k+ in the real world, so the ROI is not hard to understand.

The business model is monthly subscription. Teams keep shipping code, BitSec keeps scanning before deployment, creating a recurring security workflow instead of a one-off audit. A portion of revenue goes toward buying back alpha, which John sees as important because supporting the token price helps support the subnet.

The honest part of the AMA was the gaps. BitSec needs marketing. They went into the classic trough of sorrow and focused on building hard tech instead of telling the story. Even Const told them they should be focused almost entirely on marketing now. They also need smoother sales and onboarding, probably starting with a junior sales hire. And they need more devs, potentially recruited from the miner base, similar to what Sam Dare did.

There was real pushback from Vex at Rendix, which made the AMA better. He pressed John on whether this is truly an AI audit system or more accurately AI-assisted bug-finding. How do you prove coverage? How do you know what you missed? How do you prevent benchmark leakage? John calls it an AI audit system focused on detection. Vex called it a promising AI security detection system. The honest answer is probably somewhere in the middle, and the market will settle the debate through results.

@bitsecai is production-ready enough to find real exploits for paying customers. The Mythos moment gave them a perfect narrative tailwind. The tech seems real. The demand seems real
Rado | τsc (@RadoTsc)
@bitsecai @MarsSmuff Interesting if top miners don’t know you think it's possible for the average joe to learn and mine it? Is it winner takes all currently?
Bitsec | Bittensor Subnet 60 τ retweeted
Bitsec | Bittensor Subnet 60 τ
One chat changes everything. We reached out to our top miners and had unexpected conversations. You'd expect top miners to be invested and knowledgeable, but they didn't know how far we were with commercialization, how good the product is, why the subnet is essential to the security puzzle, what our roadmap is, and what our top priorities are. If our top miners don't know, likely the Bittensor community doesn't either. We have a clear problem with communication, and it's necessary to fill that gap.
Bitsec | Bittensor Subnet 60 τ retweeted
Mariuszek (@sobczak_mariusz)
Nerds will have an AMA with @yubrew from $TAO subnet 60 @bitsecai May 14th at 11 am EDT.
Bitsec | Bittensor Subnet 60 τ
Sneak peek on the new Bitsec UX, to improve transparency and miner friendliness. In IM V3, we introduced rounds where miners submit agents, they get evaluated and the top one gets emissions. Before, miners needed to check Discord and make API calls to see submission status. Later this week they can just see on our website dashboard. They can see Round status, current emission levels, agents, screen, evaluation state, and traces.
Bitsec | Bittensor Subnet 60 τ retweeted
yubrew (@yubrew)
supply chain attack... guardrails-ai executes malicious code, steals CI creds to propagate compromised versions
Aikido Security (@AikidoSecurity)

Update 5:05 PT: The attack has now expanded well beyond @TanStack and @Mistral. 373 malicious package-version entries across 169 npm package names, including @uipath, @squawk, @tallyui, @beproduct, and more. The malware propagates by stealing your CI credentials and using them to publish new compromised versions. Full IOCs, affected package list, and detection steps: aikido.dev/blog/mini-shai…

Bitsec | Bittensor Subnet 60 τ retweeted
yubrew (@yubrew)
460M+ in losses from 2026 supply chain attacks so far. recommend changing auto-updates to 48h+ so maintainers get a chance to check for malicious updates

here's an incomplete list:
- Axios npm compromise
- Trivy (Aqua Security vulnerability scanner)
- LiteLLM (popular PyPI AI/LLM proxy library, ~3.4M downloads/day or 95M+ monthly)
- DAEMON Tools supply chain attack (windows installer)
- Vercel infrastructure compromise
- Mini Shai-Hulud / SAP npm campaigns
- SagaEVM Chainlet Exploit
- Trust Wallet Malicious Chrome Extension
- Safe{Wallet} Infrastructure Compromise
Bitsec | Bittensor Subnet 60 τ retweeted
yubrew (@yubrew)
We switched to a round-based system in V3. New round every 1-2 weeks. This gives us a better cadence for evaluating submissions, improving the IM, and opening it up to the next round of competition. This round we did two things, allow access to OpenRouter and increase the 20m timeout to 30m. We're making sn conditions closer to production and closely monitoring how agents perform. Top agents that add security coverage get added to our production stack for paying clients.
Bitsec | Bittensor Subnet 60 τ (@bitsecai)

Hey miners, The next Bitsec round has started and Agent submissions are open from now until Monday 10am ET. We will immediately start eval and the winner gets 30% emissions. Agents can now use OpenRouter for inference, opening up new possibilities with higher inference threshold, expanding available models, tool use, context management, cache management to detect more software vulnerabilities.

Bitsec | Bittensor Subnet 60 τ
Hey miners, The next Bitsec round has started and Agent submissions are open from now until Monday 10am ET. We will immediately start eval and the winner gets 30% emissions. Agents can now use OpenRouter for inference, opening up new possibilities with higher inference threshold, expanding available models, tool use, context management, cache management to detect more software vulnerabilities.
Bitsec | Bittensor Subnet 60 τ retweeted
Henry "Coop" Jackson (@laughswhenry)
@YVR_Trader @bitsecai Basically rock paper scissors for vulnerabilities. 317 covers some, 794 covers others. Together they clear the board.
Bitsec | Bittensor Subnet 60 τ retweeted
yubrew (@yubrew)
"We're setup... for the computer security apocalypse..." "Computer security is about to go through the most dramatic change ever. Every single latent security bug is about to be exposed." At @bitsecai we've known this for literally years. We believe the need for whitehat security agents is mainstream and mandatory. We're protecting blockchain projects first, and rapidly expanding coverage to everyone.
Bitsec | Bittensor Subnet 60 τ retweeted
TensorUSD (TUSDT) (@TensorUSD)
🚀 Big news: @TensorUSD (SN113) 🤝 @bitsecai (SN60)

We’ve hit an important milestone for @TensorUSD. We’re teaming up with @bitsecai (SN60) to run a full security audit of the protocol along with smart contracts and this one is different. It’s happening from inside the @bittensor ecosystem.

@bitsecai will be reviewing all core bittensor native smart contracts:
- ERC-20 (TUSDT) Contract
- Vault Contract
- Auction Contract
- Price Oracle Contract

Everything that matters, under the microscope. What makes this meaningful isn’t just the audit itself, but who’s doing it. For us, this is a step toward stronger foundations and more confidence in what we’re building. @TensorUSD is aiming to become more than just another stablecoin. The goal is to create something resilient, reliable, and truly aligned with the network it lives in. More updates soon as the audit progresses.