Slow bounties, AI and travel


These past weeks have been pretty slow for me: I worked, but it didn't work well. I also tried to set up some new stuff related to AI, as I told you in my previous post, and I'm gonna tell you more about MCP today.

And after next week, I'm going to travel again.

Slow bounties

It's crazy how it can be in our job. These past few weeks, I hunted a lot but found nothing, in the programs I was used to, and it's tough when it happens.

But it's the game and we have to accept it. And I know that a cycle will pass and I will find new bugs. And I know that now, I'm increasing my knowledge about my targets so it's still nice.

I'm also forcing myself to only hunt on HackerOne and not on YesWeHack anymore, to increase my points and be in the LHE loop next year. And as I prefer to hunt on big public programs, it's way harder than a random private program that just pops up. It also increases my level of patience.

AI

I talked to you about my usage of AI with NotebookLM, and, as you may know about my laziness, I did not use it a lot.

But I tried playing with some MCPs. And I played with Claude Code as well, as an agent to hunt with.

The first setup I did was for code review. I put Claude Code on the code base of a big program, and I started asking him to help me find some vulnerabilities.

I needed to help him by telling him where to search, because I had already found some bugs on it, and I wanted to dig deeper into some functionalities. And it was quite good, but not enough. Claude is fast, and it's very nice for that. But he hallucinates a lot, and found bugs everywhere, and I had to tell him to go deeper to finally find nothing.

Also, the tokens are burning very fast, so it's pretty annoying. I think that I have to fine-tune it and ask for very precise tasks, but I'm pretty sure it's going to be huge soon.

My second setup was to play with Caido MCP. Caido already has a plugin for agents, but it was burning so much credit, and slonser built a new plugin which is an MCP for Caido.

And it's working very well. I can control my Caido directly from Claude. You have to give it a try.

It's the same as before: you need to be pretty precise in your tasks to avoid burning too many credits. But it's still pretty worth it, as you can ask it to rearrange your replay tabs and create new ones based on stuff you want to try.

Travel

Next week, I'm going to Stockholm to run a half-marathon. I'm pretty happy about that, as it's the first time I'm going to Sweden. I will stay there for a week, and afterwards I will fly to Berlin for NullCon.

I'm pretty happy about that, as this is for a bug bounty event and I will be able to hunt with friends for two days.

I also have several other trips planned for the rest of the year, with one back in Asia, so I'm very much looking forward to it!

Aituglo

Paris
The author of this blog, a bug bounty hunter and security researcher who shares his thoughts about the art of hacking.