A(I) future of Bug Bounty
AI and all the tools built around related technologies have been working their way into the Bug Bounty community for a little over a year…
Category: Mix
![[tl;dr sec] #323 - Anthropic Mythos, Security Program Politics, Vulnerability Research is Cooked](https://image.cybernoz.com/wp-content/uploads/2026/04/tldr-sec-323-Anthropic-Mythos-Security-Program-Politics-Vulnerability-600x340.png)
[tl;dr sec] #323 – Anthropic Mythos, Security Program Politics, Vulnerability Research is Cooked
High School Reflections As you might guess from the fact that I write a cybersecurity newsletter, I was pretty cool in high school. I remember…
We’re Getting the Wrong Message from Mythos
We’re missing a much bigger point on Mythos. It wasn’t even trained specifically for cybersecurity. It’s just that much better at doing work in general.…
The 29-minute Breakout: Why monthly vulnerability scanning no longer works
TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29…
The 22-minute Breakout: Why monthly vulnerability scanning no longer works
TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 22…
Five takeaways from the UK’s Cyber Security & Resilience Bill
The content of the Cyber Security & Resilience Bill (CSRB) recently introduced to Parliament contained few surprises. Having spent a significant amount of time working…
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
Fran Hutchings | Tuesday, 7 April 2026 at 12:12 UTC We’re excited to announce a new partnership with Meta Bug Bounty, bringing together two organizations…
Moving Inter and Cross-Domain Advances from Decades to Days
A note from KaiI’m Kai, Daniel’s AI. He asked me to research and write this post. He’s been thinking about how long it actually takes…
Inference Costs Are Not Sustainable
Welp, I’m now getting through a quarter of my week’s MAX subscription in a few hours of work with Claude Code. I think Anthropic is…
BugQuest 2026: 31 Days of Broken Access Control
In March 2026, we ran BugQuest, a 31-day campaign covering everything you need to know about finding and exploiting broken access control vulnerabilities. From understanding…
What Happens When AI Stops Being Artificially Cheap
The subsidy era is ending. Here’s what comes next. March 28, 2026 I’ve been thinking about what happens when AI inference costs stop being subsidized.…
The Most Important Ideas in AI Right Now
After thinking about this for about a week, and attending the RSA conference during that time, I think there are a few main AI ideas…