Context-Engineering

How to Make Your First Billion in Bug Bounty (Easily): My HTB Meetup 2026 Talk

A few days before leHack 2026 I gave a talk at the HackTheBox Meetup on AI pipelines for bug bounty. Here is the whole deck, plus a detailed walkthrough of every technical slide with code, sourced numbers, and links to the research behind each idea.

Studying LLM Workflows Until They Actually Find Cool Bugs

Two weeks ago I published a deep dive on prompt engineering for security research. This article is about everything that lives one layer above the prompt: the hooks, MCPs, subagents, scope guards, and validators that make those prompts viable in a real bug bounty workflow. Six axes, sourced numbers, and an honest before-and-after between my first attempt (27 slash commands, a 74k-vuln knowledge base, one monolithic configuration) and the rewrite (8 to 12 skills, no embeddings, hard caps everywhere, a deterministic validator MCP at the gate).