HackerTrans
TopNewTrendsCommentsPastAskShowJobs

elmer2

2 karmajoined 5 giorni fa

comments

elmer2
·5 ore fa·discuss
"most people don't want to admit most of their lives have been wasted in front of a computer."

On the contrary, because I spent so much of my youth in front of a computer, most technical things are second-nature to me. While I see large amounts of people laid off in the tech industry, my net worth and income is only growing.

"So stop complaining and start coming up with more creative uses of AI writing if you have a problem with it."

Using AI/LLM takes about 1% of my brain power. Cobbling a bunch of scripts together to basically ask questions to an LLM is well within the skillsets of many people in the tech industry.

The people with the knowledge and skills pre-LLM will be dominating the industry, getting paid the most, and will be employed for years to come. The rest will be on the unemployment line.

Overly relying on AI going forward will only atrophy your skills and make you completely reliant on the companies providing the tokens.
elmer2
·6 ore fa·discuss
[flagged]
elmer2
·l’altro ieri·discuss
I partially disagree with the author here. I've been active in the bug bounty community for 8 years and spend time with the top hackers. I have also found a substantial amount of bugs over the years.

Agentic bug bounty hunting just isn't that good yet. At most, it can find low-hanging fruit. The more critical bugs that are hard-to-find still can't be found by agents. Now, source code scanning is the exception, which is about 10% or less of bug bounty programs.

I feel like the people spending thousands on tokens are basically gambling. Even if you find a critical and have all the evidence, 50%+ of the time, the company will find a way to not pay you. It's not worth the token investment.

Bug bounty has actually gotten easier for me. Too many people think they can just use Agents to do all the work, and are not focusing on other more serious bugs. Over time, new comers will completely rely on AI and it will make the people with actual skills even more valuable.

The platforms are receiving more reports that use AI...and 90% are crap. It's only forced companies like HackerOne to create two report queues where established players gets humans to review their reports and everyone else goes through an AI review.

I'm a security consultant and regularly lead pentesting engagements for companies. One thing preventing most companies from using AI is the token cost. Most companies that I deal with rarely want to spent any extra money on security.

The other is the fact that no matter how many guardrails you have in place, there's always a chance (now, a high one) that production data will be destroyed or it will add more liability to the company in terms of data leakage. I can't tell you how many times I've been contacted by a client when a tester bumps into something that caused a huge issue in production or even staging environments.

I think AI works better with finding bugs in source code, before it's pushed to production, which will lead to less bugs overall.

I'm not against AI and use multiple models daily and it definitely augments my skills, but I just think we need to be more realistic about it.
elmer2
·4 giorni fa·discuss
If it's so bad that it's obvious it was vibe coded, it will be rejected. If it's seamless and works as intended, I don't see why any project would have a problem with how it was created.
elmer2
·5 giorni fa·discuss
[flagged]
elmer2
·5 giorni fa·discuss
[dead]