Currently at Akamai, creator of Basic RUM: friends-dashboard.basicrum.c…, Web performance enthusiast, Magento addict since Magento CE 1.2.1.2

Joined December 2010
Tsvetan Stoychev retweeted
Jun 8
Codex is surprisingly good at finding edge cases. Just point it at a fixed bug, and ask it to find bypasses. You’ll often end up with variants the original fix didn’t consider.
Tsvetan Stoychev retweeted
Here's the third installment of my 'Programmatic Advertising for the Uninitiated' series. Anyone can give a dry definition of an SSP or a DSP, but what about exploring the incentives (and disincentives!) that shape the behavior of the programmatic ecosystem? #adtech #Programmatic #HeaderBidding #intro scientiamobile.com/the-playe…
Tsvetan Stoychev retweeted
Apr 25
Karpathy didn't make a course. He made THE course. 3 hours. Free. Tokenization. Attention. Hallucinations. Tool use. RLHF. DeepSeek. AlphaGo. Every behavior you've ever wondered about in an LLM - where it comes from, why it exists, how it was engineered. The gap between engineers who understand this and engineers who don't isn't technical depth. It's the ability to conceive of entirely different things.
Community note
This video was stolen from @karpathy's YouTube channel. youtu.be/7xTGNNLPyMI?si…
Anyone from my network who is using polar.sh/ or a similar service while operating a small digital business in Germany? I would like to have a chat :)
Discovered 2 oob writes and 1 oob read and I don't know what to do :D
Tsvetan Stoychev retweeted
I've worked on Fabro for 30 days straight. I asked Claude to estimate the effort and cost. > Compared to the $400k-$750k it would cost without AI, the actual cost of $62k-$108k represents an 80-85% reduction. Sounds about right! (I'd ~2x tokens.) gist.github.com/brynary/7fc6…
Tsvetan Stoychev retweeted
Today I'm thrilled to open source what I've been working on... Meet Fabro (github.com/fabro-sh/fabro), the dark software factory for small teams of expert engineers. Fabro gets you out of the REPL (read-eval-prompt-loop) by layering deterministic workflow graphs over agent sessions. It's batteries included with cloud sandboxes, quality sign offs, multi-model ensembles, and Git checkpoints. It's MIT licensed so you can fork and own your AI coding toolchain. Single Rust binary with zero deps. I'd love to hear what you think!
Tsvetan Stoychev retweeted
I know Silicon Valley startups don't want to hear this..... But the combination of someone in the trades with deep domain expertise and Claude Code will run circles around your generic software. I talked to Cory LaChance this morning, a mechanical engineer in industrial piping construction in Houston. He normally works with chemical plants and refineries, but now he also works with the terminal. He reached out in a DM a few days ago and I was so fired up by his story, I asked him if we could record the conversation and share it. He built a full application that industrial contractors are using every day. It reads piping isometric drawings and automatically extracts every weld count, every material spec, every commodity code. Work that took 10 minutes per drawing now takes 60 seconds. It can do 100 drawings in five minutes, saving days of time. His co-workers are all mind blown, and when he talks to them, it's like they are speaking different languages. His fabrication shop uses it daily, and he built the entire thing in 8 weeks. During those 8 weeks he also had to learn everything about Claude Code, the terminal, VS Code, everything. My favorite quote from him was when he said, "I literally did this with zero outside help other than the AI. My favorite tools are screenshots, step by step instructions and asking Claude to explain things like I'm five." Every trades worker with deep expertise and a willingness to sit down with Claude Code for a few weekends is now a potential software founder. I can't wait to meet more people like Cory.
"Unfortunately we were unable to reproduce your submission, as not enough information was provided to replicate your findings." Wondering how often folks get such a response that lacks details from bug bounty platforms, and what is the constructive way for this to get better?
Tsvetan Stoychev retweeted
Been hacking on an Elixir port of @karpathy's autoresearch — an LLM agent that designs and trains GPT models autonomously, overnight. Turns out the BEAM is (unsurprisingly) a natural fit: hot code reloading for experiments, multi-GPU fault tolerance, LiveView to watch it think.
Tsvetan Stoychev retweeted
Mar 10
🚀 Treo Site Speed Update: Page-level CrUX data, 2 years of history, and a Free Plan. What's new:
• Page-level CrUX report: Real-user metrics for individual pages.
• Multi-page reports: Track up to 10 specific URLs in a single report.
• Free Plan: Save and monitor your reports for free.
• 2 years of BigQuery data: Treo is known for the best origin-level report, and now you can access 2 years of history.
• Treo Scan Lite: Auto-discover your top 10 URLs and instantly check their metrics.
• UI updates: We kept our signature clean design and made it even better.
Test your site: treo.sh/sitespeed
Tsvetan Stoychev retweeted
Bugcrowd has seen a sharp rise in what we’re calling “AI slop” submissions: high-volume reports with thin evidence, templated write-ups, and little to no validation. That’s not how real vulnerability research works. Bugcrowd has always been built on human ingenuity and high-signal findings, so we’re introducing updated submission policies to reduce speculative AI-generated reports and keep the focus where it belongs: validated vulnerabilities that create real impact. These updates include enforcement against submission farming, automated pipelines, and repeated invalid submissions. Read the full update from @treyford: bugcrowd.com/blog/bugcrowd-p…
Tsvetan Stoychev retweeted
If you're using AI for bug bounty, you already know the two killers: context window limits and compaction amnesia. I use 6 lifecycle hooks for my mastermind-ai setup that act as checks and balances — injecting hunt state on session start, gating findings that lack proven impact, catching agents that surrender too early, and serialising everything to pick up exactly where the last session left off. The result: more agents running autonomously for longer, finding higher severity bugs. Cool interactive explanation of all 6 hooks here - labs.trace37.com/blog/master…
Tsvetan Stoychev retweeted
Joining the agentic vuln research hype, @EyalKraft and I did something. Unfortunately, it worked better than we hoped. We spent a few weeks building an agentic loop that reverse-engineers and exploits kernel drivers. We already found 100 exploitable drivers. (link below)
Tsvetan Stoychev retweeted
building a complex AI product like automated vulnerability identification is incredibly messy because of model nondeterminism. shit ton of complications.
1. traditional testing doesn’t work.
2. you need carefully crafted benchmarks. even then vulnerability identification is highly susceptible to Goodhart’s law.
3. the benchmarking process itself is incredibly shitty, with an incredible amount of time spent on monitoring the situation, model rate limits, timeouts, slow inference.
4. the exact trajectory finds a vulnerability once, but when you rerun it or slightly change context, it acts dumb.
5. observability tools like langfuse don’t really work when you’re producing a shit ton of long-horizon traces. you need custom tools to actually review and diff them.
6. small changes in tools or prompts have considerable effects, and model providers don’t really provide solid best practices for managing this.
Tsvetan Stoychev retweeted
Hello security researchers! Like it or not, agentic AI is here. It’s time to explore its impact on novel, academic research in cybersecurity. To this end, we’re launching the Conference for Synthetic Security Research (synsec.org). Researchers, start your agents!
Tsvetan Stoychev retweeted
OpenAI now requires government ID verification to use GPT-5.3-Codex for cybersecurity work. - openai.com/index/trusted-acc… GPT-5.3 and Opus 4.6... AI cybersecurity capabilities have reached the critical point where they need to be properly safeguarded. OpenAI built a tiered trust system with automated classifiers monitoring for suspicious cyber activity in real-time, an invite-only tier for researchers, and $10M in API credits for defensive teams.
Prediction:
1️⃣ Google DeepMind and Anthropic will follow and implement KYC to access the risky capabilities of their frontier models.
2️⃣ Today's frontier models will become just a model in 6 months, with open access to everyone. But they won't become less capable.
3️⃣ The labs will continue doubling down on safety guardrails and making AI able to protect from AI.
Source: Ilya Kabanov