Blockchain Security Researcher || Builder || Speaker || Global Talent

Joined March 2024
Who else thinks there is no significant improvement in the latest LLM upgrades? Frontier models have hit a plateau until a further breakthrough.
ken retweeted
It’s tomorrow. It’s tomorrow. 🔥 The wait is over. UNIV East 2026 is here. A conversation for every youth, every thinker, every person. See you there. #UNIVEast2026 #UNIVForum #BuildingBridges
ken retweeted
STEM is the future; prepare yourself for the future of work.
ken retweeted
Don't be fooled by the allure of remote tech jobs. It is the vestige of a dying tech culture, or better still, don't be caught unawares. The era has passed when you learn a skill to get a job, or worse still, build an entire career around a skill.
ken retweeted
If you're passionate about STEM and solving problems that actually matter — we're building something for you. Follow us for more updates.
ken retweeted
Started my ZK journey around February with the help of @kirkthebaird 🍃 & @RareSkills_io ⭐️. Decided to implement a little of what we learnt in a few weeks. I managed to find 6 ZK-related bugs in the Base Azul Comp @immunefi. Happy to see it paid off even while I’m still learning.
ken retweeted
Empty walls are just wasted real estate. Seeing the main builder space without a cover felt exactly like that. I designed this to permanently stamp that raw community energy onto the @Mantle_Official Squad Hub Notion page.
ken retweeted
There were ~30 hacks in April. Just studying all of them in depth (root cause, context, attack vector, PoC, etc.) will make you an above-average security researcher. Put in the effort and make the space safer.
Another DeFi protocol is hit. Attackers don't rest. Neither do auditors.
Attention Aftermath community - We’ve identified an exploit affecting the protocol. Our team is actively investigating alongside leading security partners. As a precaution, the protocol has been paused and measures are being taken to minimize potential impact to user funds. We’ll continue to share updates as we learn more. Thank you for your patience.
ken retweeted
Most security firms are quietly moving away from audit competitions. This is one of the biggest mistakes happening in crypto security right now.

There is a simple way to think about audit value: what does it cost to find a critical vulnerability? We looked at the actual data on what it costs to find critical bugs in crypto, and the numbers are not surprising. Finding a critical vulnerability in an audit competition costs $6,548 on average. The exact same severity bug through a bug bounty program costs $114,000. That is 17x more expensive for the same result.

Now look at the traditional audit model. Some top firms charge $100 per line of code. Others charge as high as $25,000 per auditor per week. A single engagement can easily run $200k to $500k, and you are getting maybe 2 to 4 people looking at your code.

But cost per critical is not even the most interesting part. The interesting part is the structure of who is looking at your code. When you hire a firm, you get 2 to 4 auditors. Maybe they are great. Maybe one of them is having a bad week. You are making a concentrated bet on a small number of people.

An audit competition attracts hundreds of security researchers. These are some of the best hackers, people who have found real vulnerabilities in major protocols. These hundreds of researchers are now armed with AI tools. They understand codebases faster. They write PoCs faster. They find bugs that would have taken DAYS in just hours.

Think about what that means. You are not just getting hundreds of humans. You are getting hundreds of AI-augmented humans, each running their own workflow, each with their own intuition about where bugs hide. The scaling dynamics are extraordinary.

The firms moving away from competitions are optimizing for predictable revenue, not for their clients’ best outcomes. That is understandable from a business perspective. But if you are a project choosing where to spend your security budget, you should optimize for bugs found per dollar spent.

Audit competitions now also have scaling pots. The prize pool grows with the scope of the codebase. This aligns incentives in a way that fixed-fee engagements never can.

But what about AI spam, low-quality submissions, and the time it takes to triage all of those submissions? Immunefi is addressing these with mechanisms like pay-to-submit, managed triage, and AI triaging agents, which are already showing very strong promise.

The best security strategy is not either/or. But if you have a limited budget and you want the most eyes, the most diverse skill sets, and the best cost-per-finding ratio, audit competitions are still the obvious choice.
Opened Discord yesterday and saw this. I wanted to laugh. I had forgotten about the audit; all my submitted issues were flagged invalid and I have moved on with life. Learnt a lot during the @0xfluid audit; one of the most elegantly written codebases out there. Thank you @sherlockdefi.
ken retweeted
Lots of security researchers read code hoping something feels off. Sometimes it works. But the meaty bugs don't feel off. They look perfectly fine. The shift for me was simple. Stop just reading and start questioning. Every function. What is this doing and why. That extra layer of thinking while reading is the difference between finding lows and finding crits.
I've been digging into @immunefi bounties recently and it feels totally different working on contracts that have money inside. I mean, "there is real money in this code 🤯🤯🤯".
ken retweeted
I Saved Injective's $500M. They Pay Me $50K.

I like hunting bugs on @immunefi. I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)

Life was good. Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.

I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.

Then — silence. For 3 months. No follow up. No technical discussion. Nothing.

A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.

I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.

Full Technical Report: github.com/injective-wall-of…
This is the best time, perhaps the last window, to break into web3 security. AI will be so good. Imagine having to fly at 85K ft above sea level (most commercial planes can attain 30K to 50K ft); only a few military/spy planes can do that. AI will create a similar effect.
security chads, see if your skills match the role
We are hiring at @exodus Security team in EMEA. If you are / you know someone who is a good fit, apply: (link in comment)
Note to new auditors: Discomfort is easier to endure than uncertainty; in web3 security, you have extremes of both. Once an outcome is guaranteed, all discomforts become bearable. You can dig through thousands of LOC and find nil. Black hats feel comfortable with both.
If you want to level up fast, understand the psychological dimension of web3 security. Pain threshold differs for everyone. Understand yours. The general bottom line is that tolerating more pain increases your threshold. Audit difficult code.
ken retweeted
The @FolksFinance Audit Competition is live! 💸 A $25,000 reward pool is up for grabs for finding bugs in the project's Staking Contracts. 📅 Ends: March 17, 2026 💰 Reward pool: $25,000 ⌨️ Scope: 365 nSLOC of Solidity ✅ No KYC required Get hunting: immunefi.com/audit-competiti…
If you vibe-coded, don't vibe audit...