AI is going to make audits lower quality and increase the demand for good Security Researchers. Too many new researchers are relying on AI completely to find bugs rather than understanding the code line by line manually. The worst part is since AI is catching real (mostly obvious) bugs, so many are going to chase the “quick high” again rather than do the real hard work. Likely we will see within 1 year how much the demand for good auditors will increase, and sadly this may increase the number of hacks.

I have integrated Claude Fable 5 with my internal AI agent that I've been working on for the past 69 months. It's already catching critical issues such as "Missing two-step ownership transfer" and "Owner can steal all funds via sweep". DM for early access.

Pro tip: use your prompts like a red-dot sight.

Hunting bugs in secure codebases can be an extremely low-dopamine activity. After hours of staring at code, your brain starts craving quick stimulation, such as doomscrolling or a short game of chess. A downward spiral of distraction follows and holds you back from breaking through as a Security Researcher. You just need to find a healthy way to satisfy your brain's craving for dopamine. For me, having a cup of coffee usually does the trick (max 3 per day).

With contest platforms shutting down, AI fearmongering, and a constant flood of spam submissions, many new security researchers feel lost and no longer know where to start. This is the exact roadmap I would follow if I had to start over today: crypticdefense.com/blog/guid…

The barrier to entry for new SRs was already high, and it just got worse. The space already lacks experienced white hats, as shown by the countless hacks last month. Although existing SRs may benefit from less competition in the short term, fewer eyeballs mean major hacks will continue, making mainstream DeFi adoption much more difficult. We need to get more creative and find alternatives to help onboard new talent.

Monero > Zcash > BTC. Privacy will win at the end.

Every Security Researcher of some level using AI can confirm how shit AI is at finding bugs. Anyone that tells you otherwise is trying to sell you something. Avoid AI audits or get rekt.

Happy Chinese New Year 2026! Wishing all bug hunters prosperity in the Year of the Fire Horse. Let’s set fire to all bugs in our path. No bug shall survive. 🔥😎

Couldn't be happier to welcome aboard @crypticdefense to kick off 2026! It's clear that @crypticdefense has a knack for subtle & complex issues (especially in AMMs), and is a real team player who uplifts other SRs around him. Proud to have you joining us as a Guardian.🫡

Starting the new year off strong! 💪🏼 Excited to announce I’ve officially joined @GuardianAudits as a full time Security Researcher. With such a fantastic team, I am certain my growth here will be exponential. I’ll let the bugs speak for themselves. 🔥

One of the biggest regrets people have in their 40s and above is not having fun when they were younger. As you get older, you may have more time and money, but you will never get your youth back. Your energy levels will continue to drop. This is why I’m against workaholic culture. That extra competitive edge may not always be worth it. Spend some time with family and friends, and go outside. Meet new people. There are many life lessons you can learn just from a single night out. Hard work is important, but life is not all about having your face buried in thousands of lines of code all day every day. Happy holidays to you all, and wishing everyone a happy new year! 🎉

Every audit where you miss a finding is a blessing. Congratulations 🎉 You just became a better security researcher. Learn from what you missed or stay the same.

How to get better at auditing without actually auditing: 1. Gym ✅ 2. Socialization ✅ 3. Sleep ✅ 4. Diet ✅ Most auditors I’ve spoken to are missing at least one. Hard work is not everything. Take care of yourselves so you can take better care of projects you audit.

I hear from many new Security Researchers that they find it difficult to find bugs in contests lately. In other words, these projects have already been audited so many times that it has destroyed the ability for new researchers to find bugs. As such, I thought I’d share a few words I always used to find some bugs when I started out. I would ask: “May I meet you?” before engaging further in an audit. I almost never got a No.

Easiest way to find a crit: Track the entirety of cash flow from deposits to withdrawals for each token the protocol uses. Along the way, scan for logic errors, and be as creative as possible when thinking of edge cases (rounding issues, blacklists, reentrancy, slippage, etc).

Auditing and chess are the same ♟️ Play with minimal mistakes until you are in a critical position, then find the best possible move. Similarly in auditing, when you encounter a “critical position”, find the best possible attack path. Pattern recognition tactics = victory.

A sign you are becoming a better auditor is when you find yourself spending less time pattern matching with solodit.

I'm travelling to Argentina for DevConnect DSS soon The dog was supposed to come, but the airline I'm flying with doesn't allow dogs onboard So I sent him to a dog hotel that was recommended to me. I took him there for 1 day to adapt, so he'd already know the place before staying longer He came back home with an eye hemorrhage. His eye was swollen, and the entire white part of the eye was blood red The hotel says the vet check before checkout didn't notice anything, and nothing happened to him I took him to my trusted vet immediately. She said it was certainly caused by a strong hit and could never go unnoticed by a professional We are all heartbroken

Respect to the Balancer team for their speedy analysis and transparency. I can speak from first hand they take security very seriously. With such a fantastic developer team, the protocol will bounce back from this incident in no time. We SRs should be motivated to do our best.

Don’t sleep on @cantinaxyz 😎