Harsh Jaiswal

3.2K posts


@rootxharsh

Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio

Joined April 2015
1.2K Following · 22.1K Followers
Pinned Tweet
Harsh Jaiswal@rootxharsh·
AI-accelerated security isn’t the future, it’s already happening and it’s changing how we approach real vulnerability research. In our latest case study, we break down how we used Hacktron CLI - an internal tool that helped us hack faster and smarter to compress weeks of research into days. Today, we’re opening it up to security researchers, penetration testers, and developers. We’re excited to bring more people in. Join the waitlist: app.hacktron.ai/signup
s1r1us (mohan)@S1r1u5_

A case study of AI-accelerated hacking: How we at @HacktronAI hacked our way into Lovable's office, cut attack time from weeks to days, and helped secure Supabase from one of the most complex vulnerability chains we’ve ever worked through.

ϻг_ϻε@steventseeley·
Omg this is so fun, I get to be a script kiddie again!
Harsh Jaiswal retweeted
Hacktron AI@HacktronAI·
Cloudflare built a Next.js replacement in a week with vibe-coding. We vibe-hacked and found numerous vulnerabilities, multiple critical and high severity. On Cloudflare Workers, one of the bugs leaks one user's session to another by default. hacktron.ai/blog/hacking-c…
Harsh Jaiswal@rootxharsh·
@S1r1u5_ Did you also notice getting an unrelated absurd response once in a blue moon?
s1r1us (mohan)@S1r1u5_·
help: might be naive, does MoE affect model quality when batching different user requests? like on claude/openai they do continuous batching right, so multiple requests from completely different domains get loaded on same model weights on gpu, like a harvey user doing legal review, cursor user doing code completion, and hacktron user doing vulnerability research all in the same batch. how does the router pick the right expert here? is there a chance a vulnerability research token gets misrouted to a legal expert because of the batch composition? or does batching not affect routing at all?
Harsh Jaiswal retweeted
Yam Peleg@Yampeleg·
i'm tired boss
Nate@nnwakelam·
@rootxharsh Rawai / Nai Harn is nice. I can recommend you some saunas. Otherwise Bang Tao or Cherntalay. Try and get something as close to the beach as possible. For Krabi, it's fairly booked at the moment you probably will need a scooter for both locations.
Harsh Jaiswal@rootxharsh·
Anyone have any recommendations for staying in Phuket and Krabi? Preferably: good internet, good evening walks, beach not too far.
Harsh Jaiswal@rootxharsh·
The exploit for CVE-2026-1731 is out. The APT of CVE-2026-1281 missed a major target 😅. Props to watchTowr for the blog on it. The moment I read it, my instinct said there had to be a variant in remote support, given how heavily it relies on bash scripts. @HacktronAI did the rest. Literally gave me PoC in hand. (Vibe hacking?) What surprised me was that I didn’t know this bash quirk earlier, even though I’d already run into a similar quirk in another language. Consider this a reminder: read the blogs. Always.
Stephen Fewer@stephenfewer

We just published our @rapid7 analysis of CVE-2026-1731, a critical command injection affecting BeyondTrust Privileged Remote Access (PRA) & Remote Support (RS). Unauthenticated RCE, with a root cause due to Bash arithmetic evaluation. Analysis/PoC here: attackerkb.com/topics/jNMBccs…

Harsh Jaiswal retweeted
s1r1us (mohan)@S1r1u5_·
CVE-2026-1731 Last night @rootxharsh and I were driving around Hyderabad, looking at office buildings and checking if we could RCE any of them. Every single building had a company we could potentially pwn.
Harsh Jaiswal retweeted
Hacktron AI@HacktronAI·
We found an RCE in Google's AI code editor Antigravity - $10000 Bounty. Link to the blog in comments:
Harsh Jaiswal@rootxharsh·
Found my most widespread 0-day RCE today, pretty much most of the Fortune 100. I wished to hack this target for a long time.
Harsh Jaiswal retweeted
Hacktron AI@HacktronAI·
🚨 CVE-2026-1731 🚨 Our team discovered a critical pre-auth RCE affecting BeyondTrust Remote Support & Privileged Remote Access. SaaS/Cloud instances have been patched. If you're running self-hosted deployments, apply the patches immediately. More info in the comments.
Harsh Jaiswal@rootxharsh·
How do people use MS Teams? What broken software. Claude Code would write better than this slop.
Harsh Jaiswal@rootxharsh·
Huge respect for people who can lock in from anywhere, especially co-working spaces, WeWork etc. I, for whatever reason, can't get things done there.