https://felixbillieres.github.io/tags/hackerone/Recent content in Hackerone on Elliot BeltHugo -- gohugo.ioenfelix.billieres@ecole2600.com (Elliot Belt)felix.billieres@ecole2600.com (Elliot Belt)© 2026 Elliot BeltTue, 19 May 2026 00:00:00 +0000https://felixbillieres.github.io/posts/llm-bug-bounty-pipeline-2026/Tue, 19 May 2026 00:00:00 +0000felix.billieres@ecole2600.com (Elliot Belt)https://felixbillieres.github.io/posts/llm-bug-bounty-pipeline-2026/Two weeks ago I published a deep dive on prompt engineering for security research. This article is about everything that lives one layer above the prompt: the hooks, MCPs, subagents, scope guards, and validators that make those prompts viable in a real bug bounty workflow. Six axes, sourced numbers, and an honest before-and-after between my first attempt (27 slash commands, a 74k-vuln knowledge base, one monolithic configuration) and the rewrite (8 to 12 skills, no embeddings, hard caps everywhere, a deterministic validator MCP at the gate).