Anatomy of Prompt Injection: How I Reached the Top 10 of the Lakera Agent Breaker Global Leaderboard

How do you break through an LLM agent's multi-layered defense that was trained on 80+ million attacks? In December 2025 I reached the top 10 of the Lakera Agent Breaker global leaderboard. This article is not just an overview of the solution but a detailed breakdown of vulnerabilities in modern LLM systems and the architecture of a custom fuzzing pipeline.

https://habr.com/ru/articles/979476/

#information_security #artificial_intelligence #llm #language_models #hackathon #cybersecurity #ai #leaderboard #ctf #bughunting

Hello, Habr. This is Artem Bakradze, Head of Research at the RedVector lab. In December 2025 I took part in Lakera's Agent Breaker challenge. I currently hold 7th place in the global...

Habr

Amazon Is Using Specialized AI Agents for Deep Bug Hunting | WIRED https://www.wired.com/story/amazon-autonomous-threat-analysis/ #cybersecurity #AgenticAI #Amazon #BugHunting
🚨BREAKING: Software engineers discover bugs exist in their codebase! 🎉 After a week of bug-hunting, they are shocked—shocked, I say—to learn their roadmap wasn't paved with 189 "Oopsies" all along. Nothing says "progress" like finally realizing your app shouldn't crash on Tuesdays! 🤦‍♂️✨
https://lalitm.com/fixits-are-good-for-the-soul/ #softwareengineering #bughunting #technews #appdevelopment #oopsies #HackerNews #ngated
We stopped roadmap work for a week and fixed 189 bugs

Discussed on Hacker News, lobste.rs and r/programming

It’s Friday at 4pm. I’ve just closed my 12th bug of the week. My brain is completely fried. And I’m staring at the bug leaderboard, genuinely sad that Monday means going back to regular work. Which is weird because I love regular work. But fixit weeks have a special place in my heart.

What’s a fixit, you ask? Once a quarter or so, my org with ~45 software engineers stops all regular work for a week. That means no roadmap work, no design work, no meetings or standups. Instead, we fix the small things that have been annoying us and our users:

- an error message that’s been unclear for two years
- a weird glitch when the user scrolls and zooms at the same time
- a test which runs slower than it should, slowing down CI for everyone

The rules are simple: 1) no bug should take over 2 days and 2) all work should focus on either small end-user bugs/features or developer productivity.

Lalit Maganti

Hello! I’m building a mentoring platform for aspiring #hackers and security learners who want deeper, non-corporate guidance. It’s for self-taught people and students (OSCP, cybersecurity degrees) who want 1-on-1 help. https://learn2hack.today is almost ready and accounts will open soon. If you're interested, fill this: https://tally.so/r/J9KZkz
#hacking #mentoring #students #hackerculture #hackers #students #cybesecurity #security #redteam #pentesting #hackingisnotacrime #oscp #ctf #bughunting
Learn2Hack Today!

🚫 403 Forbidden: When your "investigative journalism" turns into a digital knock-knock joke 😆. Apparently, the real bug here is your ability to access anything beyond the error page. 🐞🔍
https://mensfeld.pl/2025/11/ruby-ffi-gc-bug-hash-becomes-string/ #403Forbidden #InvestigativeJournalism #DigitalJoke #AccessIssues #BugHunting #HackerNews #ngated
When Your Hash Becomes a String: Hunting Ruby's Million-to-One Memory Bug

An "impossible" Ruby bug: Hashes becoming Strings at runtime. 2,700 identical crashes. No corruption. Just objects changing what they are. Deep dive.

Closer to Code

👽 So, software is the mysterious 'Area 51' of engineering, where developers claim to have seen unicorns (or bugs) no one else can find? 🚀 Apparently, we're all just code conspiracists waiting for our own Roswell moment. 😂
https://codemanship.wordpress.com/2025/11/07/is-software-the-ufology-of-engineering-disciplines/ #softwareengineering #codeconspiracies #techhumor #developerlife #bughunting #HackerNews #ngated
Is Software The UFOlogy of Engineering Disciplines?

One area where software development lags far behind other technical design disciplines like electronic and mechanical engineering is in standards of evidence. To illustrate what I mean, I want to t…

Codemanship's Blog

"Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes."

https://openai.com/index/introducing-aardvark/

"If your organization or open source project is interested in joining [the Aardvark private beta], you can apply here."

https://www.openai.com/form/aardvark-beta-signup

#Aardvark @TheAntAndTheAardvark #ThePinkPantherShow #OpenAI #InformationSecurity #InfoSec #BugHunting

OpenAI just released Aardvark, an autonomous research agent that can hunt bugs and generate code fixes as if a human were debugging. Early results show it can speed up error detection on open‑source projects, sparking debate on AI‑assisted development. Could this be the next step for collaborative coding? #OpenSource #AIResearch #BugHunting #MachineLearning

🔗 https://aidailypost.com/news/openai-unveils-aardvark-agentic-researcher-that-hunts-bugs-like-human

OpenAI Aardvark: Bug‑Hunting Agent Beats Manual Testing | AI Daily Post

OpenAI's Aardvark autonomously scans codebases, finds and fixes bugs like a human security analyst. Discover how GPT‑5 powers this private‑beta tool.

AI Daily Post

🚨 Breaking news: After years of blissful ignorance, our protagonist discovers that #PyTorch is not, in fact, infallible! 😱 Instead of the usual user error, it turns out the culprit was a PyTorch #bug all along—cue the collective gasp of shock and awe. 🎉 Here's to the next few years of bug-hunting instead of actual learning! 🐛🔍
https://elanapearl.github.io/blog/2025/the-bug-that-taught-me-pytorch/ #Discovery #UserError #BugHunting #MachineLearning #HackerNews #ngated
the bug that taught me more about PyTorch than years of using it

a loss plateau that looked like my mistake turned out to be a PyTorch bug. tracking it down meant peeling back every layer of abstraction, from optimizer internals to GPU kernels.

Bug Bounty Course
The art of web reconnaissance bug bounty
#BugBounty #bughunting
https://mega.nz/folder/Qn5CibIC#JRmgMNgy9BqjrVNBq6VyUQ