3e:["$","div",null,{"className":"flex flex-col gap-3 pt-2","children":[["$","$L43",null,{"episodeData":{"uuid":"7e6f5fff-cd4f-4c50-9242-f162a841313a","duration":3232,"subtitle":"Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed...","datePublished":1759827600,"name":"Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351","description":"

Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determine how well LLMs can find flaws. Nico Waisman talks about XBOW's LLM-based pentesting, how it climbed a bug bounty leaderboard, how it uses feedback loops for better pentests, and how they handle (and even welcome!) hallucinations.

In the news, using LLMs to find flaws, directory traversal in an MCP, another resource for learning cloud and AI security, spreadsheets and appsec, and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-351

","audioUrl":"https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/pauldotcom/ASW_351_1--cfee67c3-1474-4c44-bbae-fcdfe8f3fa3c--audio-converted--88828e00-906e-4d53-aeaa-91f34cf1c7ad.mp3?dest-id=13427","seriesUuid":"bd934618-24d5-407a-9d0b-315472d0c67c","summary":null,"transcript":null,"summaryInProgress":null,"transcribeInProgress":null,"assemblyAiId":null,"imageUrl":"https://static.libsyn.com/p/assets/0/1/b/a/01ba33b941dbfbbed959afa2a1bf1c87/ASW_351_Thumbnail_ASW_1920x1920_8404382b-5a86-4803-8475-c0512b89e13d.jpg","slug":"finding-large-bounties-with-large-language-models-nico-waisman-asw-351","series":{"uuid":"bd934618-24d5-407a-9d0b-315472d0c67c","name":"Security Weekly Podcast Network (Audio)","itunesId":91472687,"datePublished":1130414402,"description":"Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.\n\nTune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!","authorName":"Security Weekly Productions","imageUrl":"https://static.libsyn.com/p/assets/3/4/f/d/34fd06c8777349ba27a2322813b393ee/SW_Cover_1920x1920.png","isTopSeries":null,"slug":"security-weekly-podcast-network-audio","language":"en"},"podcastSeries":{"uuid":"bd934618-24d5-407a-9d0b-315472d0c67c","name":"Security Weekly Podcast Network (Audio)","imageUrl":"https://static.libsyn.com/p/assets/3/4/f/d/34fd06c8777349ba27a2322813b393ee/SW_Cover_1920x1920.png","authorName":"Security Weekly Productions","itunesId":91472687,"datePublished":1130414402,"description":"Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape.\n\nTune in for in-depth panel discussions, expert guest interviews, and breaking news on the latest hacking techniques, vulnerabilities, and industry trends. Stay informed and secure with the most trusted voices in cybersecurity!","language":"en"}}}],"$L44"]}]