We are back for DEF CON 33 this August. To celebrate, we will be giving away 10 more one-month Pentesterlab licenses! To enter: 1️⃣ Follow us on X Bug Bounty Village 2️⃣ Like this post ❤️ 3️⃣ Retweet this post The giveaway is open until Friday (3/21) Good Luck! #BugBounty #DEFCON

“Quisque aliquid habet quod occultet”. There is no such thing as a backdoor only the “good guys” can use.

Signal's a great app to keep your communications secure, but make sure you know the identities of the users in your group chats. Our SSD guide on how to use Signal includes guidance on managing your group chat preferences. ssd.eff.org/module/how-to-…

❌ “Learn to code”. ✅ “Learn to make”. Technology is currently the best lever for one person to improve the lives of millions. And today that means making stuff using code. Making should be a core skill, like reading and writing. Learn to make.

i wrote a thing about all the different teams in north korea dedicated exclusively to fucking your shit up and how you can know exactly which one just ruined your entire month paradigm.xyz/2025/03/demyst…

Watching MCP gain momentum reminds me of early API adoption—huge potential but massive risk if you’re not careful. HackerOne bug bounty programs and AI red teaming aren’t nice-to-haves anymore. They bring in external perspectives, which is what you need when your system opens

Cardinals over age 80 cannot vote for the next Pope to “ensure the full faculties of those exercising such a grave responsibility.” If the US Congress were the College of Cardinals, 23 members would not be able to participate in the coming conclave…

Some notes from the floor: Most products do not leverage ML, just an LLM Most are using LLAMA hosted by the company. No they are not tuned or trained. Just system prompted. Many vendors replied data was local when it was obviously not Llms biggest killer feature?

this is what the crypto insiders dont want you to know about what a project's choice of domain says: .com/.org - found pmf .xyz - "hello i do crypto" .finance/.fi - defi lego .network - tried to do a chain .fun - scam

We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s publicly deployed. The program, in partnership with HackerOne, runs through Sunday.

This. I want to see more companies disclosing like Anthropic, not less.

I vibe coded and shipped an app in three days. It got hacked. Twice. Here’s what I learned. 🧵

👀

Hey Grok ! Make a leaderboard of top people in ai

Grok said it so it must be true!

Promise that we will also be dropping some fun bugs and techniques :)

Prompt injection dominates AI security discussions, but little public research exists on writing powerful, discreet, and reliable exploits until now 🧵

First DEF CON talk ✅ Shlomie Liberow and I dove into bug bounties for AI, rolled with a busted stage screen, and still packed the room. Great questions, great crowd, zero slides needed. Excited to watch the rest of the talks at Bug Bounty Village

Late DEF CON brain dump. Wrote a post on what I think a hacker is, pulled examples from history (Alexander the Great, Bletchley Park, T-Pain…), and explained why that mindset might be the only thing standing between us and a very cooked future medium.com/@gonzo-hacks/t…

Designing and Participating in AI Bug Bounty Programs - youtube.com/watch?v=e109g1… at DEF CON Dane Sherrets, Shlomie Liberow Dane and Shlomie will showcase technical deep dives into real-world AI vulnerabilities, covering adversarial prompts, indirect prompt injection, context