Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351

Security Weekly Podcast Network (Video)

Update: 2025-10-07

Description

Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and even welcome!) hallucinations.

In the news, using LLMs to find flaws, directory traversal in an MCP, another resource for learning cloud and AI security, spreadsheets and appsec, and more!

Show Notes: https://securityweekly.com/asw-351

