Martijn Russchen

@willahmed Hey! Been waiting 5+ weeks for Developer Portal app approval with no response from any support channel. I'm a Life member and built a Whoop integration into my fitness app IntervalCoach, users are asking for it daily but I'm stuck at the test user limit. Any chance you could point me in the right direction?

Last week, a security researcher using our previous model found and disclosed a vulnerability in React that could lead to source code exposure. I believe these models will be a net win for cybersecurity, but we are in the 'real impact phase' as they improve.

Hack faster, write smarter. Hai for Hackers is live on HackerOne. Secure built‑in AI to help you write cleaner and faster reports. Fewer language gaps: less back‑and‑forth. Privacy‑first: data stays on HackerOne. Learn more: docs.hackerone.com/en/articles/12…

@Rainmaker1973 Hagelslag

Jelly isn’t available. Peanut Butter and what?

Hai is leveling up. ⚡ What started as an AI copilot is now a coordinated team of AI agents built to strengthen every layer of your security workflow. Meet the Hai Agentic AI System. bit.ly/3KLcdst

AI is moving security into new territory. 210% more valid AI vulnerabilities. Attackers are combining human creativity with AI speed. Pressure test your AI with external researchers and agentic offsec testing. @Hacker0x01 bit.ly/4gQxyfV

Trend I'm following: evals becoming a must-have skill for product builders and AI companies. It's the first new hard skill in a long time that PMs/engineers/founders have had to learn to be successful. The last one was maybe SQL, and Excel? A few examples: @garrytan: "Evals are emerging as the real moat for AI startups." @kevinweil: "Writing evals is going to become a core skill for product managers." @mikeyk: "Writing evals is probably the most important thing right now." @saranormous: "Evals = your new marketing." @gdb: "Evals are surprisingly often all you need." More to come.

Product management for AI agents is easily the wildest form of product management in history. Typical product management is trying to figure out how to design interfaces and software for people to interact with deterministic systems. The user generally knows all the context to do their work successfully, so it’s generally a matter of nailing the underlying business logic and surrounding UX. But with AI agents, the user you care about most is the agent, and they don’t know anything by default. They’ll happily run in any direction to perform the task, often without success. So as a PM (or engineer) you basically spend your time trying to reverse engineer “what would a human need as context to perform this task”, and then figure out how to design systems to get the agent that data in the right sequence, with the right tools, and instructions. Some of these systems are entire invisible to the human user, but part of the craft is equally how the end-user will interact with the agent to supply this context. Then, it’s often unending trial and error working to eke out incremental points of quality at each stage. This is especially why people with deep domain expertise, or those that can acquire it quickly, will do extremely well building AI agents. The ability to anticipate the context that the agent would need to be successful is a huge determining factor in how effective the agent will be. This partly explains why coding agents have worked so well out of the gate; because its builders deeply understand the domain that they’re working to automate. But clearly we’re going to quickly see this same outcome across every field - legal, healthcare, finance, etc. - as context engineering and a new crop of product managers emerge.

hey @Zoom #BugBounty researchers! New Campaign starting next Monday focused on Zoom Hub (support.zoom.com/hc/en/article?…). 1.25x Bounties! Get Hacking!

The HackerOne Leaderboard is evolving. Today, we’re introducing a new profile type filter with two views: 👤 Individuals (default) 🏢 Collectives It’s a step toward a more transparent, inclusive leaderboard—one built for what’s next. bit.ly/4olDlNR

🔁 RT if you think 🇳🇱 @ThymenArensman is the Super-combative of the #TDF2025! 🔁 RT si vous pensez que 🇳🇱 Thymen Arensman est le Super-combatif du #TDF2025 !

Secure AI by Design at @Hacker0x01: hackerone.com/blog/secure-ai…

@raizamrtn Not available in the Netherlands unfortunately

2/ Today’s code: ‘android’ Play Store: bit.ly/4ecwLES App Store: apple.co/3T898Ub Discord: discord.gg/T4ACDEJXfd

1/ The Daily Briefing has been a hit with people in the morning! I feel like we knew it would land, but we’ve heard from so many people about how it fits in perfectly with their morning routines. - Today we’re upgrading Daily Briefing to give you the following: - A quick overview of the agenda, a birds-eye view of what the briefing will cover - “Back” and “Next” buttons to skip segments - You can jump from segments altogether by tapping on the icons in the tray - We’ve also launched “live mode,” which gives you Huxe on demand, in conversation - DeepCasts are also becoming more personalized! Based on what Huxe knows about you, we’ll start surfacing new DeepCasts just for you We fixed a ton of bugs in June, including the pesky “pause” bug that everyone reported 🥹 I’m really excited for what we’ve got in the pipeline for July. Keep up to date and join the convo in our Discord!

The new @Hacker0x01 AI security agent (HAI) is actually very cool. It suggests improvements when writing reports, helps rate reports using CVSS scores, and even gives feedback on how you could have written the report better. It also suggests potential attack chains, similar vulnerability scenarios, and escalation ideas to strengthen your findings. 🔥 #BugBounty #hackerone

Hey hackers! We're running a beta for Hai for Hackers, our AI security agent. If you're interested, please reply with your HackerOne username (we will probably limit to ~100 hackers for now). After it's been enabled, you can start using it by clicking the Hai button in the top right corner of the app. It’s free to use (with a limited daily budget for now). It is like any other AI you’ve interacted with, with the added benefit that it has access to a whole bunch of HackerOne data, like reports and programs. We’re shipping improvements to Hai almost every day. Here are some neat use cases: - “take all the learnings from STÖK, jhaddix, and nahamsec's recon strategy and build one for me!” - “write a python script for a typical recon process” - “i need an XSS payload that doesn’t use single or double quotes” - “my XXE payload doesn't call back to my server, what could go wrong?” - “write a response for report #133337” The beta also comes with Hai Plays for you, which allows you to build your own security agents in HackerOne. You can create them at hackerone.com/settings/hai_p…. Some of the cool use cases we’ve seen so far are: - write reports with minimal input from you (efficiency++!) - convert reports into blogposts with a single prompt - AI mentor to give feedback about your communication and increase the likelihood of a reward In the background we’ve been working on agentic behavior, which we expect will soon come to Hai for Hackers as well. These AI agents can act like your hacking buddy and hack alongside you. We’ll keep you in the loop on our progress.

🚨 You know generative AI is powerful—but it’s not without risk. Join @Hacker0x01, @AWS, and @AnthropicAI for a chat about deploying AI *confidently*—and best practices for reducing AI application risk. Our expert speakers will cover: - The biggest security risks in GenAI apps—like prompt injection, hallucinations & data leakage - Why third-party evaluations are critical - How to build AI-specific testing into your development lifecycle - Where AI security is headed next 🔗 Sign up here: bit.ly/4jJmjqx #GenAI #AIsecurity #Cybersecurity #AppSec #AWS #HackerOne #Anthropic

@willahmed Whoop 5.0 🙌

Big announcements this week

Wil je weten wanneer er witte rook verschijnt en een nieuwe paus is gekozen? Volg het live via iseralwitterook.com #Conclaaf #WitteRook

Watching MCP gain momentum reminds me of early API adoption—huge potential but massive risk if you’re not careful. @Hacker0x01 bug bounty programs and AI red teaming aren’t nice-to-haves anymore. They bring in external perspectives, which is what you need when your system opens to the external world.

@uraniumhacker Let’s chat!

Hacking with AI recently has been fun. Here is couple of things I did recently: - Parsed multiple JS files within seconds after identifying a target domain. Used the parsing data to find a critical vulnerability. - For a different program, used mixture of redress, radare2 and GPT-4o to reverse engineer a pretty large golang based server. The more I prompt, the more I am convinced automating hacking with AI is the future. #aihacking #hackbot #LLM