pkqs90

$32,000 paid out. Two high-severity bugs. One Warden. Huge shoutout to @pkqs90 for back-to-back high-severity findings in the @succinctlabs and @gmtrade_xyz bug bounties on Code4rena! Here's a look at those payouts!🧵👇

@xiaoming9090 @0xfluid @sherlockdefi 🐐

Glad to have secured 1st place in the Fluid V2 contest. Managed to find all H/M issues in the contest. Thanks to @0xfluid and @sherlockdefi for the opportunity!

Congratulations to security researcher @pkqs90! $49,000 for a blockchain/dlt crit. Well done, sir! Pledge IMU to pkqs here and earn when they find bugs: immunefi.com/pledge/pkqs90/

@WhiteknightKK 是的, 最近太蠢了.. 希望是新模型发布的前兆

@pkqs90 他最近特别轴 让他往东非要往西

You know a model is NERFED when working a defi codebase and it replies 液化 (liquify) for liquidation

@ret2basic 没毛病

@pkqs90 他的意思是抵押品都化成水了 没毛病

@pranayraj069 gpt5.4, hope they launch something soon to explain the recent nerfs lol

@pkqs90 claude ?

@0xpeternguyen @immunefi if I find time for it, then maybe yes

@pkqs90 @immunefi Wow. Congratulations. Btw Is there disclosure issue to be learned?

Bagged 4 crits in the last 2 months on @immunefi. 2.5k, 5k, 10k, 50k, the last one should’ve been 100k, but it is what it is. Payouts are def worse nowadays compared to the bull market, but overall still pretty happy with the hunt so far.

Very solid codebase for @flyingtulip_ 🫡

@sama too late I already wasted my cursor ultra on opus 4.6

GPT-5.3-Codex is rolling out today in Cursor, Github, and VS Code!

@KrisRenzo Just a wild guess based on my own experience

@pkqs90 And how would you know this? From the periodic “my AI tool just found a critical bug” announcement on X?

Prediction: By the end of 2026, the leading individuals in Web3 security won't be differentiated by critical thinking and hard work alone. It'll also come down to an AI-native auditing workflow. If you're not running AI intensively in your regular audit process, you'll fall behind, fast.

@TangSong29002 the bad: less demand for junior/mid level auditors the good: adopt ai to move up faster

@pkqs90 So, is this good news or bad news for beginners?

@deadrosesxyz will come back to this on 2026/12/31

@pkqs90 im down to take a bet on the opposite side

💡AI's Transformative Impact on Web3 Security: Predictions from Late 2026 Onwards💡 From late 2026 onwards what was once a domain dominated by human auditors poring over code will evolve into a hybrid ecosystem where AI amplifies human expertise, reduces costs, and reshapes incentives. 1⃣ Lowering Total Cost of Securing a Protocol One of the most tangible impacts of AI will be a reduction in the overall cost of securing web3 protocols. Today in early 2026 we're already seeing specialist AI agents detecting a broad spectrum of vulnerabilities. Foundational models continue to improve in reasoning and skilled researchers are layering on custom heuristics, creating specialist AIs that can find valuable bugs "at scale". External audits which can easily run into six figures for a comprehensive review have long been a pain point for protocols. If an initial audit uncovers too many findings protocols often face costly re-audits, delaying launches and inflating budgets. By late 2026 specialist "PR Review" agents will be commonly used during development to catch bugs early - and some specialist AI products can catch an impressive range of bugs today; this will only improve by late 2026 & onwards. AI will also supercharge testing methodologies, making it much easier and cost-effective for developers to commonly deliver hardened codebases featuring invariant testing and formal verification. The net effect? Protocols will require fewer external audits, lowering the total cost of securing a protocol. 2⃣ The Evolving Role of Human Auditors Human auditors won't disappear; instead, their work will pivot toward higher-value activities. By late 2026, a growing number of auditors will shift from manual code reviews to developing and refining heuristics for specialist AIs. The trend of auditors consolidating into larger firms will continue; expectations for efficiency will increase across the board. The best auditors will leverage AI to become super-human, highly-efficient bug-finding machines. 3⃣ Capped Auditor Remuneration in Maturing Market The web3 security space is maturing rapidly. In the Wild West days of 2021-2024, sky-high fees and long waiting times were justified by rampant hacks and scarce expertise. But as many skilled auditors transition into creating heuristics for Specialist AI auditors vastly improving their vulnerability detection, clients will increasingly prioritize speed & value. Market share will gravitate toward quality brands that consistently deliver great security output at an efficient price point, who provide great value for money. Intermediate-Senior human auditors will still be able to make a good living but the extremely expensive ones may struggle to remain consistently booked, a trend which played out especially through the first half of 2025 and will accelerate in the future. New & Junior auditors will struggle as the bar to achieving professional success will be raised higher & there will be more competition than ever; they will be completely replaced by Specialist AIs who will consistently perform better providing more value than them. 4⃣ Shorter Exploit Windows and the Elimination of Common Bugs AI's double-edged sword will manifest in exploit dynamics. On the dark side, blackhat AIs will exploit vulnerabilities faster than ever. A protocol launching with bugs in late 2026 could be drained in hours, not days, as blackhat AIs trawl the blockchain in real-time. Conversely, mass adoption of specialist AIs by developers will nearly eliminate certain bug classes. Reentrancy, integer overflows, incorrect rounding direction and access control flaws could become relics, caught routinely during the development process and not even making it to external audits let alone to live deployment. 5⃣ Human-AI Symbiosis Here's the key: Specialist AIs won't stay effective without human input. Auditors and researchers must continually update them with the latest heuristics, drawing from private/competitive audits, post-mortems of hacks and other threat data. This creates a virtuous cycle—humans teach AIs, AIs protect protocols, and the ecosystem grows more resilient providing increasingly efficient security "at scale". In summary, from late 2026 onwards, AI won't replace web3 security professionals but will redefine the field as a collaborative powerhouse. Roles will evolve & markets will mature - for devs, auditors, and protocols: Embrace AI now, or risk being left behind.

@WhiteknightKK 会 overdesign，然后在没必要的地方加很多细节，给人一种 "6202年了正经人谁没事浪费时间写这个" 的感觉 lol

@pkqs90 ai写的合约代码有什么区别呀 会很抽象吗

The moment you’re reading some confusing code and this close to cursing… then you realize it’s probably 99% AI generated