Stop asking LLMs to “find vulns.” Start using them to understand code. Andrew Luke walks through using Claude Code as a force multiplier in app assessments - faster analysis, fewer false positives, better outcomes. Check it out: ghst.ly/4rA3uJd

x.com/i/article/2043…

AI agents are the new attack surface and almost nobody is testing them properly github.com/langwatch/scen…

Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR core-jmp.org/2026/04/signed…

The Rise of AI Pentesting Agents: A Technical Analysis appsecsanta.com/research/ai-pe…

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning — supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.

AI penetration testing toolkit github.com/Mr-Infect/AI-p…

Great write up of how Trail of Bits was able to find vulnerabilities in Google’s zero knowledge prover and generate a fake proof: blog.trailofbits.com/2026/04/17/we-…

Writeup: gist.github.com/moyix/203c4161…

Needle in the haystack: LLMs for vulnerability research - Devansh (⚡, 🥷) devansh.bearblog.dev/needle-in-the-…

From an economic perspective, once we are back to equilibrium, bugs in critical software will be just as difficult to find as they were before AI agents (and before fuzzing). More details: arxiv.org/abs/2402.01944… (Security as a function of incentive)

GOOGLE BUILT A VULNERABILITY SCANNER AND OPEN-SOURCED IT most devs ship code without knowing half their dependencies are ticking time bombs osv-scanner fixes that it scans your entire project lockfiles, containers, even vendored c/c++ code and maps every dependency against the

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: youtube.com/@NullSecurityX Blog: pwntricks.com/ZeroClick-RCE-…

Rusty Bootkit - Windows UEFI Bootkit in Rust by memN0ps memn0ps.github.io/rusty-windows-… #bootkit #windows

Here's its writeup. Hard bug; both GPT-5.4 and Opus 4.7 tried for multiple days each and failed. gist.github.com/moyix/09d885bc…

eBPF secrets injection github.com/spinningfactor…

Welcoming gift for _ZN4DionC1Ev: QEMU and UTM Escape Blog: open.substack.com/pub/calif/p/ma… PoCs: github.com/califio/public… youtube.com/watch?v=WWfxGy…

Exploring the relationship between compilers, obfuscation, and de-obfuscation by Robert Yates (quarkslab) blog.quarkslab.com/obfuscation-vs… #infosec