troublemaker & troubleshooter | founder @bugcrowd @disclose_io, board advisor, investor | pioneer of #bugbounty as-a-service | opinions CC0 1.0 | #hacktheplanet
0.0.0.0/24
Joined July 2009
- Tweets 68,791
- Following 4,434
- Followers 29,088
- Likes 32,946
cje retweeted
Worth reading if you're following the ffmpeg vs google drama:
We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the feedback. Thanks! Also want to share some additional thoughts. 1/10
Price Equilibrium, Yo: The simple economics of an external shock to a bug bounty platform m.cje.io/3LzW09T
Ransomware has appeared in the VS Marketplace and makes me worry. Clearly created through AI, it makes many mistakes like including decryption tools in extension. If this makes it into the marketplace through, what impact would anything more sophisticated cause?
secureannex.com/blog/ransomv…
cje retweeted
Brilliant data-backed analysis of what’s going on AI Security from an investing standpoint.
Go and subscribe to Mike’s stuff. He has the best dataset anywhere on this whole space.
returnonsecurity.com/p/ai-se…
Truffle Security Raises $25 Million Series B to Expand NHI Security 🎉 🎉 🎉 HUGE congrats to @insecurenature and the crew!
m.cje.io/4oU5Cut
ah memes...
Folks, this isn't complicated. @BSidesPyongyang is:
- a real conference on 18 NOV
- it's VIRTUAL, we will not be in DPRK ffs
- we are unaffiliated with the DPRK
- hacker culture - it's parody, but with REAL content
@LambdaMamba and I are the keynotes. 🦄🐍
cje retweeted
Folks, this isn't complicated. @BSidesPyongyang is:
- a real conference on 18 NOV
- it's VIRTUAL, we will not be in DPRK ffs
- we are unaffiliated with the DPRK
- hacker culture - it's parody, but with REAL content
@LambdaMamba and I are the keynotes. 🦄🐍
cje retweeted
Finally, projects like ffmpeg are eligible for our long running Patch Rewards program (bughunters.google.com/open-s…) that offers cash rewards for proactive improvements made to security in key open source projects (github.com/google/bughunters…). 8/10
cje retweeted
We’re excited to see the security and OSS communities engage on vulnerability disclosure in light of new AI technologies that we believe will enable both defenders and attackers alike. Existing and emerging norms around disclosure are important debates, and we’ve noted the feedback. Thanks! Also want to share some additional thoughts. 1/10
cje retweeted
We're excited to participate in the Frontier AI in Cyber workshop put on by @BerkeleyRDI and @schmidtsciences—tomorrow, Nov. 6!
@monoxgas goes on around 12:50 PM PT with a session on building cyber agents.
Register (for free) here: luma.com/frontier-ai-cyberse…
📢 This Thursday ( Nov 6, 9 AM PT ): Join us and ~1500 attendees for a critical conversation at a pivotal moment in AI and Cybersecurity!
Benchmarks such as our CyberGym and results from the recent AIxCC competition demonstrate that AI capabilities in cybersecurity are advancing at unprecedented pace.
@BerkeleyRDI and @schmidtsciences are convening “Frontier AI in Cybersecurity: Risks and Opportunities” - a timely workshop bringing together leading researchers, engineers, and practitioners in AI and security to explore how frontier AI is reshaping both offensive ⚔️ and defensive 🛡️cybersecurity.
Part 1: November 6, 2025 9am PT
Part 2: November 12, 2025
📍Online workshop
Join us as we shape the future of #AI and #Cybersecurity together!
