Data Engineer | Cloud Security Researcher

Joined May 2009
Pinned Tweet
The silent installation of MCP servers and AI tooling from a supply chain attack is a real threat. Agentic tooling is powerful on a user's machine. Repos, AI tools, NPM packages, anything that can write to config files at the local and global levels as a trusted source should be monitored closely. Enterprise organisations are jumping at the chance to implement AI tools, but are their security teams aware of the hidden dangers? The recent supply chain attack, I think, highlights the initial dangers of this attack surface, but there are still others not yet seen and being actively researched.
If you haven't watched ep. 162 yet, we talked with @senorarroz from @Hacker0x01 and here are the most important questions and answers:

1. Are they training AI models on researcher reports? (8:50) No. The part of their ToS that mentions AI training was written a long time ago, back when "AI" just meant basic spam filters, not the LLMs we have today. They are not using bug bounty reports to train or improve any large language model. They admitted they should have updated the ToS language sooner to make this clear, and they are working on it.

2. What about the new agentic pentest platform, where is its "exploit intelligence" coming from? (29:25) Not from bug bounty reports. The platform was trained using public benchmarks, internal test apps they built themselves, public CVEs, and pentest sessions where both the pentester and the client agreed to share the data. The only indirect overlap with bug bounty is that some CVEs originally came from BB submissions, but that's it.

3. Do researchers actually own their reports? (18:45) Yes. According to Section 8 of H1's community terms, you keep the intellectual property. You give H1 a limited license to run the platform, and the customer a slightly broader license to fix their own vulnerabilities. The real risk of your techniques leaking is on the customer side, through CVE advisories, internal security teams, or threat intel sharing. That's where things tend to get out.

4. Why did they cut bounties? (41:59) They changed how they benchmark their own program. Before, they were comparing themselves to Google, Meta, and Amazon. Now they're comparing to "high-growth tech companies" and targeting the 80th percentile instead of the top 1%. The biggest cuts were on lows and mediums, but highs dropped from $12,500 to $7,000 and crits from $25,000 to $15,000. They said they're watching engagement closely and will adjust if needed.
Justin pushed back hard on this: cutting high and crit payouts sends a bad signal to the whole industry, not just H1's own program. They said they're going to take a second look at it.

5. If you think your techniques were leaked or fed into an AI, how do you report it? (21:28) Use the mediation button on the specific report. For something more serious, email their legal or privacy team directly. They also said they're setting up a dedicated tip line for exactly this kind of concern; it's not live yet, but it's on their list.

---

One last thing. Everything you just read came from a live, unscripted interview. No questions were shared in advance, nothing was edited after, Alex answered on the record. Watch the full interview: youtu.be/Pa4wWv_ONjM
Deepseek wired into Claude Code, or Claude Code with Opus 4.7 or 4.8, for security research? Not a hackbot but more of a protocol research assistant. Anyone have thoughts on this? #bugbounty
Since MSRC stories are coming out, as a newer researcher (not new to Azure or cloud systems) my experience has been the following: I get a good case manager that dupes a report and provides the relevant information that I'm comfortable with as proof, and it's a great experience. I get a bad case manager and the report gets marked completed-duplicate with 0 messages from the case manager at all. I reach out and am still waiting for something, anything, from the case manager. Terrible. I have a report that was reproduced successfully, fixed by the team, which sent me the confirmation email and awarded points BEFORE bounty review (points aligned with an Important EOP severity), and now it's Out of Scope - Moderate Severity Rating and the points are removed. Cross-tenant credential exposure and replay is Moderate, but it had a fix right away? Still waiting on a response that makes sense for this one. If you already knew about it, then this should be a missed fix or variant, or a duplicate right away. If it's moderate, then as with all of my other moderate reports, why did it require a fix immediately? I feel scammed on this one. I have another report, Sandbox Escape to SYSTEM; your program awards 20 percent, but for some reason it was marked as "by design". How can you offer a bonus for it if it's "by design"? @msftsecresponse
An update on this: my report that was a duplicate was finally responded to with a one-liner that it was a duplicate from another researcher. A few hours later I get a message saying that it was assessed and didn't pose an actionable threat. ADF forwards the MI token to an attacker-set URL and it can be replayed against the victim tenant. But this is by design and no threat. Crazy. So is it a duplicate, or by design and not an actionable threat?
Merrick Hare retweeted
🚨 NPM Malware-slop Alert!🚨 We detected and reported a malware-slop package to npm. The malware uses its OWN PRIVATE GitHub token, which is EMBEDDED INSIDE the malware itself, to read sensitive information and upload it to the threat actor's GitHub repository. The malware is still live on npm - npmjs.com/package/mouse5212-… The threat actor's GitHub page was opened 5h ago - github.com/unplowed3584 Detailed report will be published tomorrow.
Merrick Hare retweeted
May 20
This is exactly why @SocketSecurity built Socket Firewall back in 2023. It's 100% free, and it will block malware from making it onto your device. To get protection for VSCode extensions and more, you need to run Socket Firewall as a proxy. Get in touch with our sales team, who can help! socket.dev/blog/introducing-…
May 20
1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.
With AI tools and agentic coding available to folks that would never have otherwise used npm, pip or any of these other easy-to-install CLI tools, the conversation of where the security boundaries are must evolve. Open doors and unlocked windows are being pushed by these tools ("let us run the show with your permissions"), and it's created an ecosystem ripe for abuse. The average person who now uses AI doesn't think about security the same way developers and engineers do. Pushing the security back onto people like this is basically giving them their own rope. Alerts and warnings and all of that are great, but convenience will usually win no matter how many times you tell someone "don't trust this feature, repo, installable package, whatever." When you're vibe coding and the AI tells you to npm or pip install this package, and the tools don't prevent their MCP configs from being altered without warning in some cases, who is responsible for what? Is it really back on the user who is relying on their tools and AI to give them the best advice?
Last week npm decided to shift trust instead of embedding malware analysis in their ecosystem. This should raise a red flag for anyone who's following the latest supply chain attack news. Developer accounts are being broken into, either phished, compromised by malware or via data leaks, then the threat actors use these accounts to deliver malware to anyone who's using the victim's code packages. If we're going to treat every account hijacking technique separately and try to add more authentication factors, more key rotations, we're not protecting developers, we're just making their process slower, and we're not solving the actual problem. Malicious code. If a threat actor is able to upload malicious code to npm, PyPI, GitHub, GitLab, Maven (and the list goes on) without being blocked *before* the code could infect others, the malware problem is not solved; it just shifts responsibility. Scanning malicious code, analyzing code behaviour and intent, is key for protecting users. When npm says that they revoke one type of authentication, they just open the door for threat actors to use other methods to continue uploading malicious code. What if someone is just giving a threat actor full access to his account willingly? Or selling access to the highest bidder? Threat actors could just pretend to be regular developers, gaining downloads and trust before turning their code into info-stealing malware. Malicious code should be treated like harmful content: it should be detected and blocked before anyone is exposed to it. Social media and content platforms have been doing this for years, scanning, detecting and removing bad content before we even see it. If code was treated the same way, threat actors would have a much harder time pulling off successful supply chain attacks endangering millions of users around the world.
The team over at @msftsecresponse has been busy. While it's not always the response that I'm looking for, I'm always grateful for the review that happens and the information providing clarity on trust boundaries within the products.
Merrick Hare retweeted
1/7 OS Command Injection 💻 Ever wondered what happens when a website passes your input directly to a terminal? This guide walks you through how to detect and exploit OS command injection vulnerabilities! yeswehack.com/learn-bug-boun…
Never thought I would find anything, but having a moderate severity bug confirmed and a potential fix in June is rewarding. No bounty for this one, but still grateful to be validated by @msftsecresponse
Stripe tells you something important. It just doesn’t tell you everything important.
The dangerous founder blind spot is not ‘I forgot to track one expense.’ It’s ‘I still don’t know which product deserves another month.’
Indiespend.com is built by a founder for other founders
A product does not need to be losing money to be a bad use of your time. Sometimes it is just barely alive and hiding behind top-line revenue.
Revenue is easy to romanticize. Costs are where the story gets honest.
Everyone is talking about MRR and how much they made this week/month. Show us the costs as well. I use indiespend.com to keep track of expenses, Stripe revenue, and costs per SaaS or project.
I think a lot of founders make pricing decisions with half the picture. They know demand. They know MRR. They do not know true operating cost by product.