AI Security Agents. Find and fix *all* exploits in your code

Can spending $1k to $5k / mo with @bitsecai save companies from $100k or more in catastrophic exploits? We are entering Phase 1. Here's the short summary of where we are and a taste of where things are going. We have 3 companies in the pipeline with a growing backlog of companies we still need to meet. Each new potential client we want to knock them out with a simple message: "Your codebase has a couple exploits ready to fix, have it for free whether you want to join or not. Subscribe and we'll spend more resources to do a thorough end to end exploration with our AI security army." We are exploring distribution channels, where closing one deal allows us to reach many ideal clients. EOY goal is 50 company subscriptions, 1 enterprise subscription. What this means is building a book of revenue between $50k to $250k MRR, building good reputation with paying clients, which can offset the current upfront inference cost per client to show them sample exploits. We need to add key personnel to the Bitsec team as we grow to service more clients. Phase 2 post coming soon. $Bittensor $TAO
$200m hack could have been prevented by a 10 minute scan on Bitsec. Bitsec and many other real projects are powered by Bittensor 🫡
holy shit. @bitsecai found the cetus protocol hack in less than 10 minutes.

Critical Integer Overflow Exploit Found
Addition Overflow in get_next_sqrt_price_a_up()

Vulnerable Code Location:

```move
let liquidity_shl_64 = (liquidity as u256) << 64;
let product = full_math_u128::full_mul(sqrt_price, (amount as u128));
let new_sqrt_price = if (by_amount_input) {
    (math_u256::div_round(numberator, (liquidity_shl_64 + product), true) as u128)
    //                                 ^^^^^^^^^^^^^^^^^^^^^^^^
    //                                 VULNERABLE ADDITION
} else {
    (math_u256::div_round(numberator, (liquidity_shl_64 - product), true) as u128)
};
```

Attack Vector: An attacker could craft a transaction with specific values that cause liquidity_shl_64 + product to overflow:

```move
// Example attack parameters:
let liquidity: u128 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF; // Max u128
let sqrt_price: u128 = 0x1000000000000000000000000; // Large price
let amount: u64 = 0xFFFFFFFFFFFFFFFF; // Max u64
// This causes:
let liquidity_shl_64 = liquidity << 64; // Near u256 max
let product = sqrt_price * amount; // Large product
// liquidity_shl_64 + product OVERFLOWS and wraps to small value
```

Exploitation Result:
- The denominator becomes a very small number due to overflow wrap-around
- Division by small denominator yields extremely large new_sqrt_price
- Attacker can manipulate price to drain funds from the pool

Immediate Actions Required:
- Add comprehensive input validation and bounds checking
- Implement safe arithmetic with overflow protection
- Fix unsafe type casting with proper validation
- Standardize rounding logic across all functions

h/t to @dedaub for explaining the vulnerability in great detail to confirm the subnet findings. would love to chat more nitter.app/dedaub/status/19256519…
no recent tweets != ded it means we have a hole in marketing that needs to be filled. don’t confuse the two.
Bitsec is an ecosystem for AI powered software vulnerability detection for Bittensor subnets and smart contracts.
Bitsec curious?? FAFO on today’s Novelty Search with @yubrew
Join me in today's @opentensor novelty search I'll uncover: - motivation behind Bitsec - only possible on Bittensor - subnet mechanics - juicy exploits from miners - next milestones see you soon 🫡
Curious about Bitsec’s alpha token and community? Bitsec is tackling a billion dollar problem with inadequate solutions: find and fix software exploits with smart machines. The community is full of contributors including @21RoundTable @YumaGroup and miners making suggestions and PRs. It is a thriving community of stakeholders each fulfilling their role to add value so the sum is greater than each part. Creating a thriving ecosystem is the key to a long lived network. This is the advantage Bitsec has over its many competitors. Intrigued? Join our pirate army and follow the journey 🫡
bitsec does machine based vulnerability finding. protocol revenue comes from awards from bug bounties, auditing services. invest if you think: - billions / yr in addressable market size is big - $20-$30m FDV is small - my team and miners can keep finding high and critical vulnerabilities - you can contribute to the subnet in terms of marketing, code, mining, outreach or other to help fill the gap between current subnet FDV and total serviceable market otherwise step aside and let others buy. it’s really that simple. i’d rather keep it small, committed and active than some whales scoop up everything and do nothing. that’s just my opinion.
More people need to know about Bitsec.
Bybit just got hacked for $1.4b. Here's my breakdown: The hacker was able to change the multisig UI and show something different from what was actually signed. They got the multisig to sign away the funds. This hack could have been prevented if signers compared UI data to the signed data. But it's hard. Here's an example of what encoded hexadecimal of a tx looks like: We should be using technology to help us prevent catastrophic losses. Preventable hacks like these are why I founded @bitsecai It's hard to stay vigilant, and any single blind spot can cause large losses. The Bittensor hack in July 2024, I used Bitsec's AI powered vulnerability models to show how it could have scanned the vulnerable PyPI package and found the vulnerability earlier in 10 minutes. nitter.app/yubrew/status/18089031… While we don't have full details on the Bybit incident, I'm confident Bitsec could have been used to find the tx hash discrepancy. Let's make crypto a safe space.
In case you didn’t get the memo: $10k in prizes for @endgame_summit hackathon test your skills to see what you can build in a couple days happy hacking!
hey $TAO devs, interested in writing better code and losing less $$? participate in @endgame_summit hackathon and maybe win a prize ^_^ starts tomorrow ⌛️
We just launched Bittensor Subnet 60 yesterday. Already validators @21RoundTable and @TeamRizzoAI set weights. Who's next? 2 organic miners have joined. The cook just starting 🔥
There are many revenue paths including - paid subscriptions - white hat services - bug bounty programs
We shipped a big release today. Our miner results now have higher utility and readability to participate in audit competitions and bug bounties. Real revenue potential.
sn60 ships. we launched a big upgrade to validators and miners github.com/Bitsec-AI/subnet/… this change: - forces miner responses to conform to Immunefi severity classifications - improves validator-proxy responses - improves incentive mechanism and other upgrades this sets up our next weeks and months of announcements. a lot in the pipeline that i can't wait to say, fam. we cooking 🔥
Dynamic TAO flips subnets upside down. The #1 priority for subnet owners is hardening their incentive mechanisms. The best tool for that is SN60's subnet scanner. We have found and responsibly reported 14 critical and 23 high vulnerabilities already in a handful of subnet scans. In the current system, adverse miners accrue and dump TAO. Subnet owners receive TAO. Selling TAO does not affect future rewards or emissions. With Dynamic TAO, participants earn alpha, and dumping alpha affects future emissions. With subnets starting equally at 1.5% emissions, adverse miners will target weaker subnets to farm and dump alpha tokens for TAO. Many big announcements coming. 🔥
Generating quality analysis is a hard task that requires deep knowledge and applied research. Many past hacks could have been prevented with easier access to security tooling. Creating a secure environment is fundamental to onboarding more people.
Good news: Finding real vulnerabilities confirmed with subnet owners. Bad news: Feedback some subnet reports contain false positive findings. What devs do? 1. Changed our content 2. Add subnet responses soon 3. Add organic rewards soon
Replying to @Sebtensor
💯 the writing's on the wall
We have already reported live critical and high vulnerabilities in mainnet to subnet teams. And replicated findings from past audit reports. We will responsibly disclose our findings here on twitter, our website, and in the discord channel.
Good objective benchmarks and incentives are a power combination. As researchers improve performance, better models generate more security findings, increasing the demand and usage of Bitsec.
devs doing something 🔥
When given a code challenge, e.g. open source code, our machines (miners) scour your code to find vulnerabilities in minutes, make a report, and recommend fixes. The analysis is graded, with a score based on accuracy, false positives, and other factors.
Great things come from humble beginnings. Reached our first 0.01% emissions. Cook just starting 🔥
Listen in to @yubrew on the state of agents, and adding Bittensor spice to the conversation
want to build ai agents? tune in tomorrow. it’ll be a good one
Hey everyone, Been locked in. Updates to follow next week.
happy dynamic tao launch! great job @mogmachine on @taostats delivering high performance for letting us see everything real time. live 5 min, we at 51m FDV. a lot more growth ahead 📈
see past vulnerability reports. scan repos. it's live at bitsec.ai
Bittensor subnets dominating Congratulations DeepMind - SN34 🏆
🏆 CDP AI Hackathon Winners! 🧵 🥇 First Prize (Best Overall) – Mamoriko, an AI agent that finds the best returns on Base for USDC, safely optimizing your returns.