Web2/2.5/3 bugs. Mostly the ones auditors skip. rmrf.tips

Joined April 2026
Whitehat: "maybe just responsibly disclose after all?" Google: sure! memory corruption — $500, controlled write — $5k. And it's not enough to just find the bug — the PoC has to land as the right files, no harness/shell scripts/CDP, with a flawless repro on their end. The industry itself is handing wavering whitehats a one-way ticket to "enjoy cybercrime."
📣📢 Calling all Android and Chrome bug hunters 🧑‍💻🔎! We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇 bughunters.google.com/blog/e…
Just paid $240 for ChatGPT Pro after @xbow called GPT-5.5 "Mythos-like hacking, open to all". Passed KYC on chatgpt.com/cyber. Asked Codex to deploy OpenClaw (a standard gateway utility) on infra I rent. Result: account flagged for "high-risk cyber activity", requests throttled. Not a pentest. Not an exploit. A deployment task. @OpenAI @xbow what exactly is "open to all" here? cc @psawers
Every JWT writeup online covers 2–3 attacks and stops. I got tired of jumping between 40 blog posts, so I wrote the whole thing. All in one place. rmrf.tips/en #infosec #appsec #bugbounty #websec #jwt