
Dane Sherrets
@DaneSherrets
Followers: 723 · Following: 1K · Media: 25 · Statuses: 524
Innovations Architect at HackerOne. Hacker. Florida Man. Opinions are mine. I follow people I don’t agree with - don’t read into it.
Joined July 2014
I am pushing myself to learn more in public this year and am excited to share my first ever writeup about a vulnerability I found in a verification system used by @worldcoin. I'll also share a script for finding similar bugs #bugbountytips. 1/n.
medium.com
How I applied the “Smashing the State Machine” research to find a vulnerability in the World ID system used by Worldcoin.
RT @trailofbits: Prompt injection dominates AI security discussions, but little public research exists on writing powerful, discreet, and r….
Promise that we will also be dropping some fun bugs and techniques :).
Don't miss "Securing Intelligence: How hackers are breaking modern AI systems … and how bug bounty programs can keep up" by @DaneSherrets & Shlomie Liberow (@shlibness) on Friday, August 8 at 02:00 PM on Creator Stage 4. Read more at #BugBounty #DEFCON
👀.
We’re excited to announce that Dane Sherrets (@DaneSherrets) will be speaking at the Bug Bounty Village at DEF CON 33! Stay tuned for more details on their talk, you won’t want to miss it. #BugBounty #DEFCON #BBV #BugBountyVillage
RT @infinitelogins: I vibe coded and shipped an app in three days. It got hacked. Twice. Here’s what I learned. 🧵.
RT @AnthropicAI: We're launching a new bug bounty initiative to stress-test an updated version of our anti-jailbreaking system before it’s….
RT @samczsun: this is what the crypto insiders dont want you to know about what a project's choice of domain says:. com/.org - found pmf. ….
RT @Jhaddix: Some notes from the floor: Most products do not leverage ML, just an LLM. Most are using LLAMA hosted by the company. No the….
RT @NickTroiano: Cardinals over age 80 cannot vote for the next Pope to “ensure the full faculties of those exercising such a grave respons….
RT @samczsun: i wrote a thing about all the different teams in north korea dedicated exclusively to fucking your shit up and how you can kn….
paradigm.xyz
There’s more to the DPRK than just Lazarus Group.
RT @DanielMiessler: ❌ “Learn to code”. ✅ “Learn to make”. Technology is currently the best lever for one person to improve the lives of….
RT @EFF: Signal's a great app to keep your communications secure, but make sure you know the identities of the users in your group chats.….
ssd.eff.org
Download location: Google Play Store, Apple App Store System requirements: Android 5 or later, iOS 13 or later Version used in this guide: Android: 7.38.6 iPhone: 7.5.1 License: GPLv3 Level: Beginner...
“Quisque aliquid habet quod occultet”. There is no such thing as a backdoor only the “good guys” can use.
📣🚨 BAT SIGNAL: A law in France that would mandate a backdoor in end to end encrypted communications is set for a vote within the next day, after some start-stop skirmishes. The French Narcotraffic law would require encrypted communications providers—like Signal—create a.
RT @BugBountyDEFCON: We are back for DEF CON 33 this August. To celebrate, we will be giving away 10 more one-month Pentesterlab licenses!….
Proud to co-author this paper on refining cybersecurity disclosure practices for AI. If you work in #ai, #Security, #policy — or just care about world-changing technology — check it out.
What are 3 concrete steps that can improve AI safety in 2025? 🤖⚠️. Our new paper, “In House Evaluation is Not Enough” has 3 calls-to-action to empower independent evaluators: 1️⃣ Standardized AI flaw reports. 2️⃣ AI flaw disclosure programs + safe harbors. 3️⃣ A coordination
RT @0xAsm0d3us: New writing/research ✒️. Fragility of The Internet: How Sacrificial Nameservers allowed potential DNS hijacking of 1.6+ mil….
This was a fun project to be a part of. Automated testing can only take you so far. If you want secure and safe AI systems then don't sleep on the hacker mentality.
How do you validate your AI model or app has solid guardrails? You invite the world’s best AI and security researchers to break it. 💪. Last month, @AnthropicAI partnered with HackerOne to launch a first-of-its-kind jailbreak challenge, pushing AI security to its limits. Read