Pentests, a TV shoot, and dropped projects

An email landed in my inbox, a pentest request before a funding round. An upcoming TV interview. And a project I just dropped after months on it. Packed week, lots of questions about what we actually do, and why.

And for those waiting on my bug bounty methodology, it's almost ready. It drops next Monday.

Why pentests still matter

I recently got an email asking for a pentest on an application. I get those from time to time and I really enjoy doing pentests. It's a nice change from bug bounty, and there's a closeness with the teams and devs that lets you go way deeper into the application.

This person asked for a pentest in a pretty classic way, without really knowing how it works or what it brings, because he had heard of me and wanted to raise a funding round soon for his app.

For that round, and to reassure investors, he needs a stamp, some recognition saying his application is secure enough to go to production and be used by everyone.

It made me think about the recent AI progress and the fact that now an Opus 4.6 can do a pentest end-to-end and find vulnerabilities, especially on open source code.

So I thought the future was heading towards companies doing fewer pentests and just spinning up Claude instances to find bugs for them. But the reality is that you still need a professional's expertise behind it, to make sure it's all actually true and to define the real severity.

Because let's be honest, Claude hallucinates a lot and finds bugs where there are none.

And there's also that human touch, the intuition of where it smells off, where you need to dig, and good practices more generally. I was also asked if I had done training to help a company secure itself. Things like the use of certain tools, the basic principles that secure the whole perimeter and not just the technical part.

Because we think a lot about the technical side of an app, where Claude can be strong at finding and fixing vulnerabilities, but we forget an essential part: the human.

It's often the human behind the keyboard that gets hacked, and that's where most data leaks come from. With AI, I feel like we're removing more and more safeguards and paying a bit less attention to security in general.

So I'm really glad to have these opportunities and to be able to prove that our job is even more useful now.

By the way, I regularly do pentests for various companies, so feel free to reach out if you have any needs.

This thing about proving the job's value, I actually ran into it again this week in a totally different context.

TV shoot

I was recently contacted to do an interview about my work on French TV. I won't disclose the topic or the channel yet, but I'd like to share a few thoughts on the experience.

First, I'm really glad I get to do this. It's a kind of indirect exposure for me, if done right. And it also lets me get the message across that security is still a very important topic, especially in today's society.

What really got me thinking is that we live in a bubble. Every day on X, we see vulnerabilities, bugs found, AIs finding dozens of issues in Firefox, a Claude that will replace everyone in a few years. All pretty alarming stuff.

But the general public is miles away from all that. Having talked with the journalist and the cameraman, they're really very far from it. Even in terms of basic security, even though they work for a big channel, their level is pretty low.

Talking with them about simple things like passwords, password managers, and so on, you can tell they're starting to know about it, but no one really applies the basics.

And on the AI side, the world seems stuck at "I talk to ChatGPT from time to time for basic stuff".

It's wild to realize how much we live in a bubble, each of us in our own, with our own information. Same for me on other topics like news or politics, where I know very little.

That's why I think it's sometimes important to step back a bit and get some distance, to actually see the world and what's really happening.

Dropped projects and space

Speaking of stepping back, that brings me to the projects I drop along the way.

If you already know me well, you know I love starting a lot of projects and dropping them when I lose interest.

It's a personality trait that can be very frustrating, but that's how I work, and I don't like forcing myself to do things I don't enjoy.

Recently, I decided to drop my Hackyx project, a kind of search engine for cybersecurity. The project was really cool, and useful, but I wasn't taking enough time to work on it or maintain it. If anyone's interested in taking it over, reach out and I'll hand over the code and the info.

Same story for Kinen, a read-it-later app to save articles for later, launched recently, but it didn't find its audience. It's sad, but it's part of the game: you move on and iterate.

I've also been talking for a while about doing hardware hacking. All the gear is at home and I've barely soldered my TP-Link; it's crazy to be like that. Anyway, all this to say that things aren't always perfect, and there are quite a few failures along the way.

This frustration of half-finished projects, I snapped out of it this week by watching something at the complete opposite end. Through the latest video by French creator Micode (https://youtu.be/oOsl-Cgu34g, if you speak French, go watch it), I discovered a pretty incredible space expedition.

It's a field I've never really dug into, but it's impressive to see how researchers managed to prepare a rover with 4 MB of memory, a tiny battery, plan to launch it and have it land as far as Jupiter, 4 years later, with exactly the right trajectory.

All of that to understand how things around us work, light-years away from us. Projects that cost millions and millions, to send a small object no more powerful than a calculator to the other end of the universe and still be able to communicate with it, to send it commands from that far.

Meanwhile, we vibe code static sites that weigh more than 100 MB, not optimized at all, to run useless stuff. The gap is wild. And it makes you think about the importance we give to what we do.

Anyway, it was a really nice week. Lots of projects are coming up, and my methodology is coming very soon, too.

Have a great end of the week!