
Critical Thinking - Bug Bounty Podcast Episode 155: 2025 Hacker Stats & 2026 Goals
Jan 1, 2026

Reflecting on the transformative year of 2025 for bug bounty hunters, the hosts celebrate the freedom and thrill of finding high-impact bugs. They share memorable moments from events in Tokyo and Seattle, discussing what truly makes a discovery fulfilling. With insights into the challenges of automation and balancing time, they lay out ambitious goals for 2026, including collaboration plans and a focus on AI research. The conversation also touches on evolving bug scoring methods and the exciting potential of AI-assisted hacking.
AI Snips
Align Report Effort With Severity
- Match report effort to severity: spend extra effort (video, detailed write-up) on highs and crits.
- Avoid applying CVSS to AI bugs; CVSS often misclassifies AI vulnerabilities due to user interaction factors.
Reframe UI-Required For AI Vulnerabilities
- Justin argues normal user actions against attacker-controlled sites should not be considered UI-required.
- This reframes how AI-related vulnerabilities should be classified in scope and triage.
Offload Research To Shift Agents
- Use AI agents (Shift/Caido) to handle research and note-taking for targets.
- Export agent findings into your notes so you can focus on anomalous, high-skill work.
