Karlo Hubak

@0xcastle_chain testnet contract attacks?

3 weeks of Solana Audit Arena. zero prizes. let me show you what happened 3 real protocols put under the lens 5 researchers ranked on a leaderboard that started at zero findings that would've drained live treasuries if they'd hit mainnet a community that showed up because the work was the reward all of it free. all of it open. in the next week, we will have real prizes. and one technical shift nobody on this timeline is expecting. first researcher to guess what the shift is gets a guaranteed slot in monday's reward pool drop your guess in the replies hint: it's what every serious solana team is migrating to in 2026🧠

@matija_sol @AKarpathy @OpenAI @claudeai @Kimi_Moonshot some whipping sound effects for v2 are almost non negotiable

Fucked around and built myself a UI for managing 10+ agents in sync - Squadron - 1-click spawn and management - Knowledge graphs for each @AKarpathy style - Collaborative chats between agents - Visual access gating - Built-in text editor Anyone that'd use this?

@MiodragStrak Congrats!

A new paper I co-authored has just been published. I don’t work in academia anymore, but research still feels like home. Thanks to my co-authors for the journey. hrcak.srce.hr/en/file/500466

AI is getting ridiculously good, and it's making your security really messy... Hackers are using AI to find live bugs that were missed before AI was used in security. If you've been audited in 2026 (at least since Q2), I'm fairly certain that every audit firm has used AI to audit your code. However, ALL live codebases audited manually (probably pre-2026) NEED to be rechecked and triaged using AI. This applies to closed-source contracts, too. If AI is better than any human at finding vulns, and AI audits began only a couple of months ago, what percentage of your codebase was secure against human blackhats, but not against AI? I don't care who did your audit. Reach out to them and get a recheck of EVERYTHING. AI is only getting better, and it's going to continue to find exploitable mistakes that humans made.

@sama @thdxr @sama you are a very kind person amidst attending the courtroom.

@thdxr thank you, i think extremely high of opencode and yall are also not so easy to deal with

3/ solution? 1-increase token grants. 2-build an oss grant-funded web3sec ai tool. 3-idk, suggest?

multiple web3sec x ai builders showing up on the conest/bb leaderboards. curious to see what they can achieve /w the newest models. 🧵

2/ if we don't keep whitehats incentivised, who is going to protect the system?

1/ for the black hats, it is easy-go to spend even 500k on compute. 5x 500k to hack one 200mil protocol -> math is simple.

@JosipVolarevic2 @hthieblot @hobba_io @IgorJerkovic reverse-casino odds on betting on this one!

@hthieblot You should look into @hobba_io (@IgorJerkovic). Just used them in closed alpha. I fully expect them to blow up soon and handle 7-9 figures in TVL in H2 of 2026. x.com/i/status/20505…

Just gave $175K to a founder who cold DM’d. He had bellow 200 followers. Completely unknown to me Who is next? Hit me up.

@sama Will pluging pro subscription api key to cursor work?

GPT-5.5 is here! We hope it's useful to you. I personally like it.

@event_mesh @JosipVolarevic2 @matija_sol @SuperteamBLKN @colosseum @superteam np, maybe infra for agents-on-time/agentic-time(s).. cross "s-on". again plural issues for stunning visuals, idk.

@khubak @JosipVolarevic2 @matija_sol @SuperteamBLKN @colosseum @superteam this is helpful, thank you

big ups to @JosipVolarevic2 & @matija_sol from @SuperteamBLKN for an incredible session on 'pitch decks that win' 🫡 the bad news: our one-liner got a 👎 live on call. the good news: we're crowdsourcing a better one. eventmesh is building infra for agents that listen to the world and react in real-time. what's your pick? a) real-time signals for solana agents b) push events for solana agents. c) build agents that react in real-time d) your own, drop it below 👇 winner gets lifetime free credits to our app

@lonelysloth_sec quant

A few steps towards “bug free world” 1. Companies prioritize AI scans to find more bugs. 2. Human analysts/SRs focus on LLM-augmented bug finding. 3. Bug reports are triaged by LLMs 4. All are constrained by LLM capabilities. No amount of prompting can make an LLM scan patterns it doesn’t have. 5. Black hats learn heuristics for what sorts of bugs LLMs miss. 6. Black hats revert to doing work mostly manually. 7. More exploits. 8. AI marketing says black hats are using more sophisticated AI. You need to spend more in AI to catch up. 9. Repeat. That’s the real bug apocalypse risk.

@rsquare @SafeLabs_ @0xriptide

I'm looking for solutions using LLMs/AI/Agents that are enabling a super charged defensive model for teams, products & companies. In particular for @SafeLabs_ Who should I talk to?

@0xFireFist gz! 🫡

🤝Time to make history

great talk on the state of AISec in 2026 and a lil' bit of actual trustworthy claude mythos alpha

@PashovAuditGrp @Polymarket @devjoshstevens deserved 🔥

Pashov Audit Group 🤝 @Polymarket VP of Engineering @devjoshstevens together with his talented team aims to bring elite security expertise to Polymarket's systems with our team. Excited to work with 11 figures company, coming with the big guns! Let us impress🫡

@h0mbre_ loser mentality claude

Opus 4.7 got worse at "Cybersecurity vulnerability reproduction" as it became more a more well-rounded person. It just doesn't have that dog in it anymore.

@Ehsan1579 bros locked in

Around last year this month of April, I was under a lot of financial pressure. Family had a lot of debt, no money, wifi and phone lines cut off, nobody could talk to each-other, no food, I used to eat potatoes my brother made with some garlic, and no hope for any better future, last attempts at creating something valuable in the world failed despite being very close. Failure was all there was. When humans face immense pressure, I believe they turn into a robotic state, they stop processing emotions temporarily and the need to have a purpose or to think something through before doing it is gone so is your self-awareness, you just turn into this thing that needs to survive at least one last time. I went to libraries and worked there I didn’t expect much I just did whatever I had to do when libraries closed I used to park outside the library in the parking so I can still access the library’s wifi. April was a difficult month but then that’s when May came.