Running a multi-agent pipeline for security research gets expensive fast. I have several agents doing sequential analysis work - reading commit diffs, running adversarial bypass analysis, building proof-of-concept exploits. Token costs compound at every step: system prompts, tool schemas, conversation history, and verbose outputs all stack up before a single useful …

Breach Report!

Why am I writing about healthcare breach reports? Well I like data, especially unsexy data. Also a couple friends (you might know who) and I are looking into some unsexy parts of industries that are underserved and in need of help to make impact for the better good …

I have been pretty facinated with type promotion bugs in the recent months. Why? Because I love when there is some crazy mixed data types with arithmetic. Something about math (in)correctly implemented always makes me geek out. For those not familiar with Type promotion, it's when data type values …

Just an update

Took some weeks off from the nightly grind. Although I mostly kept up with current events, research, reading, and watching some past con talks. Now it's Hacker Summer Camp time, and all the conferences are in full swing. I probably won't be attending them, but I do …

Distracted..

This post is more about a side quest, as I was a bit distracted awaiting some responses on some UAF and Format string vulnerabilities submitted to a couple bug bounty programs.

In order to keep momentum going and my thirst for knowledge well fed with regards to vulnerability discovery …