0K

Educate yourself more and more. In the coming years, most people will ask AI to perform the most basic tasks for them instead of using their own minds to think. Have you ever heard the quote that says: “Many People Would Rather DIE than Think ”? This will be the case for 80-90% of people in this space in the upcoming months and years. So, educate yourself, sharpen your skills, and learn more about AI, programming, or anything related to your field so that you can be among the 10-20%. AI is both a blessing and a curse at the same time.

IMO, if you don't understand how a codebase works and why it works the way it does, then every finding can look either valid or invalid to you, because you have no real understanding of the system your AI is analyzing. This becomes even more important when running AI on BBPs. For contests, you might get 5 valid findings out of dozens of invalid ones, and without sufficient domain knowledge, it's difficult to separate signal from noise. Take Geth-like codebases as an example. If you already understand how Geth works, its architecture, invariants, and execution flow, then you're in a much better position to use AI effectively on codebases derived from or similar to Geth. The AI can help accelerate your research, but your understanding is what allows you to validate whether a finding actually matters or if even a one can exist or not.

And this AI is not meant to spam reports. My goal is not to make projects waste time and effort reviewing non-worthy findings. The goal is simply to find bugs that might otherwise go unnoticed. Every finding should go through at least 10 verification stages, followed by another review strong step before anything gets submitted. I’ll be incredibly happy if it help prevent even 1 out of every 10 hacks we see nowadays. Also, this is not marketing. I have zero plans to sell AI products, or start a business around them, or make noise about what I’m building. I’m still a complete beginner in the AI space, and I’m just doing my best to build something that works well for me. So no marketing BS here and in future posts either 😂

The AI agent I’m currently creating is not meant to replace me or any other security researcher. The goal is to build something closer to a senior SR, one that can work faster than me and surface exploit paths that might take a human more time to find. But I don’t believe it will ever fully replace the intuition of top tier hunters, at least not for now and upcoming year!. Maybe in the coming weeks or months it might catch some strong critical's with little to no human involvement lol, but for now, I see it as a powerful agent that can work on many bbp in same time, not a replacement.