Critical Thinking - Bug Bounty Podcast

Episode 137: How We Do AI-Assisted Whitebox Review, New CSPT Gadgets, and Tools from SLCyber

Aug 28, 2025
Dive into the fascinating world of AI-assisted code reviews, where tools like Gemini enhance workflow and bolster security. The discussion reveals lucrative bounties in AI safety research, spotlighting companies like Anthropic and OpenAI. Discover innovative cybersecurity tools such as ch.at and Slice, designed to streamline bug bounty hunting. There's even a look at clever tactics like cache deception and WAF bypassing techniques, making this a must-listen for anyone in the hacking community!

ADVICE

Use LLMs For Rapid Whitebox Code Review

  • Use a large-context LLM (Gemini/Cloud Code) to ingest an entire repo and produce a security-focused architecture summary.
  • Have the model enumerate security controls, threat models, and likely attack vectors to accelerate code review.

ANECDOTE

LLM Helped Find A High-Crit SDK Bug

  • Justin used Gemini CLI to analyze an SDK and found a high/critical vulnerability in under six hours.
  • The assistant flagged the vulnerable area and quickly spun up PoCs to validate the issue.

INSIGHT

Agents Multiply Recon And Automation

  • AI agents can automate repetitive recon tasks like fetching subdomains, deobfuscating JS, or generating wordlists.
  • Combining automation with scripted PoC generation significantly amplifies a hacker's productivity.