![[tl;dr sec] #316 - How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools](https://image.cybernoz.com/wp-content/uploads/2026/02/tldr-sec-316-How-Trail-of-Bits-uses-Claude.png)
[tl;dr sec] #316 – How Trail of Bits uses Claude Code, GitHub Threat Intel, Open Source AI Pentesting Tools
I’m a fan of Truffle and Eduard’s research, they’ve been featured a lot in tl;dr sec. This should be a practical, useful webinar Mercari’s…
Category: Mix
How to use AI for improved vulnerability report writing
Report writing is an integral part of bug bounty or any type of vulnerability assessment. In fact, sometimes, it can become the most important phase.…
Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or…
techniques, terminology, and real-world impact on business
What you will learn in this blog What chaining is and how combining lower-severity issues can create a high-impact security risk. Key chaining techniques and…
Nobody is Talking About Generalized Hill-Climbing (at Runtime)
All the labs are using a combination of pre-training and RL to create better “general” models. Which means they’re not just good at one thing…
![[tl;dr sec] #311 - Slack's Security Agents, Cloud-Native Detection Engineering, Trail of Bits' Claude Skills](https://image.cybernoz.com/wp-content/uploads/2026/01/tldr-sec-311-Slacks-Security-Agents-Cloud-Native-Detection-Engineering.png){kind=small}
[tl;dr sec] #315 – Securing OpenClaw, Top 10 Web Hacking Techniques of 2025, Discovering Negative-Days with LLMs
AI for Security Engineers (with Cursor’s Security Lead) AI is helping developers ship faster than ever. How can security keep up? I’m stoked for my…
Customizing Your Claude Code Spinner Verbs
Most people don’t think about spinner text. It’s that little “Thinking…” or “Processing…” that ticks by while Claude Code works. Background noise. Furniture. Daniel went…
Discovering Negative-Days with LLM Workflows
By now, you may have Anthropic’s zero-days blogpost where an “out-of-the-box” Claude Opus 4.6 workflow was used to find 500 vulnerabilities in open-source projects. While…
[tl;dr sec] #314 – ClawdBot Security, Security Scorecards, Threat Framework for SDLC Infrastructure
I hope you’ve been doing well! ClawdBot Security Well… what an exciting week to be in security ClawdBot Moltbot OpenClaw exploded with popularity as a…
global bug bounty adoption accelerates, led by the U.S.
Bug bounty programs have evolved from a niche security tactic into a core component of modern defense strategies worldwide. In this blog, we focus on the US: one of the…
Introducing Detectify Internal Scanning for internal vulnerability scanning behind the firewall
TL;DR We’re launching Internal Scanning, bringing our proprietary security engines, research-led crawling and fuzzing engine for internal vulnerability scanning behind your firewall. Built by Detectify’s…
Ticket Tricking OpenSSL.org with Google Groups
Over the holidays, I found some time to work on a small idea I had for a while. As a sometimes-Google Workspace admin with a…