Created November 22, 2025 02:39
AI in Smart Contract Security 2025 Adoption Pulse - Form responses
| Timestamp | Are you currently using AI tools (LLMs, AI IDEs, agents) in your Web3 / smart contract security work? | If yes: Roughly when did you start using them for security work? | Today, what share of your smart contract / Web3 security workflow involves AI assistance? | What do you mainly use AI for in smart contract / Web3 security? (Select all that apply) | Since adopting AI tools, how has your security work speed changed? | What about number / quality of findings? | Overall, how do you feel about AI tools for smart contract / Web3 security over the next 2–3 years? | What is the biggest reason for your answer? (e.g., hallucinations, speed, missing subtle bugs, new types of analysis…) | |
|---|---|---|---|---|---|---|---|---|---|
| 19/11/2025 13:32:40 | Yes, I use them daily | 2022 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | No real change | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 13:37:03 | Yes, I use them occasionally | 2024 | 1–25% (small helper on the side) | Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 13:38:08 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | Great working tool improvement. It is not a substitute; it is a leverage tool. | |
| 19/11/2025 13:39:40 | Yes, I use them daily | 2023 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Neutral / unsure | Hallucinations, dealing with the bullshit outputs at the end makes the speed almost the same | |
| 19/11/2025 13:41:12 | Yes, I use them daily | 2023 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | About the same | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Speed | |
| 19/11/2025 13:46:38 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | False positives, hallucinations. Need to get it to double, even triple check sometimes | |
| 19/11/2025 13:54:37 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Research (reading papers, standards, ecosystem intel) | About the same | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 13:55:09 | Yes, I use them weekly | 2025 | 1–25% (small helper on the side) | Check at the end to discover potential blind spots | About the same | Slightly better | Strongly bullish – will be a core part of serious security work | Additional findings especially for blind spots | |
| 19/11/2025 13:55:13 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | Hallucinations make it too unreliable without significant human supervision. It has zero intuition for finding bugs, impressively bad actually. | |
| 19/11/2025 13:56:25 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Dramatically faster (> 2× faster) | Slightly better | Strongly bullish – will be a core part of serious security work | Brace for impact | |
| 19/11/2025 13:59:40 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 14:02:13 | Yes, I use them daily | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | https://github.com/SuperAudit/SuperAudit-Plugin | |
| 19/11/2025 14:02:47 | I’ve tried them, but I don’t use them regularly | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications | Slightly faster (≤ 25%) | No real change | Strongly bearish – more harm than good | Hallucinations | |
| 19/11/2025 14:02:51 | Yes, I use them daily | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bearish – useful, but mostly overhyped / risky | ||
| 19/11/2025 14:02:51 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Better understanding of code | |
| 19/11/2025 14:02:56 | Yes, I use them daily | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 14:03:20 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 14:03:42 | Yes, I use them occasionally | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | About the same | No real change | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 14:04:12 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Research (reading papers, standards, ecosystem intel), Exploit analysis - "am I missing any workarounds?" | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | less H/M, more Crits missed due to false sense of security created by an AI tool | |
| 19/11/2025 14:04:32 | Yes, I use them daily | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists) | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | best tools still need human expertise, so we need to improve both human and tooling | |
| 19/11/2025 14:05:25 | Yes, I use them daily | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | There's a lot of room for improvement, and it's already a core part for many of us SRs. | |
| 19/11/2025 14:06:15 | Yes, I use them daily | 2024 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Quality of findings that are found this way, while most hallucinations can be easily filtered if someone has experience. | |
| 19/11/2025 14:06:16 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 14:06:24 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols | About the same | No real change | Somewhat bullish – net positive, with caveats | There's a very long discussion to have here. But I look at the "ML" and "Data science" "revolution" and how it really didn't live up to its promise and can't help but think the same about "AI." It might be a dogma but I strongly believe that a human with an AI will always be better than an AI without a human. And it's not as if this is a objectively definable problem space, otherwise the industry would be much more invested in building formal methods. So I like AI, I'm excited to use it, but I don't see it replacing people generally in the security process. | |
| 19/11/2025 14:06:46 | Yes, I use them daily | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | No real change | Strongly bullish – will be a core part of serious security work | Just wanted to | |
| 19/11/2025 14:06:50 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs | Clearly faster (≈ 25–100% faster) | No real change | Neutral / unsure | Speed | |
| 19/11/2025 14:07:26 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bearish – useful, but mostly overhyped / risky | ||
| 19/11/2025 14:07:53 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | It will improve speed, reduce FP, find more deep bugs and less hallucinations on large codebase so it will drastically improve the time it takes to understand a new codebase | |
| 19/11/2025 14:08:31 | Yes, I use them daily | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Will make existing SR faster and the LLM get better every day | |
| 19/11/2025 14:10:30 | No, not at all | | 0% (I don’t really use it) | None | About the same | No real change | Neutral / unsure | ||
| 19/11/2025 14:11:25 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Somewhat bullish – net positive, with caveats | Reason I'm not strongly bullish is because their contextual awareness is ironically very weak still. For AI to achieve human parity, it will need to consume much more time than it does currently, and as far as LLMs have advanced, they're still wasting a lot of time with categories that have no value (useless issues, such as "loss of trust", "attacks that require a private key being compromised", etc.) | |
| 19/11/2025 14:12:49 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | hallucination, lack of cross-contracts links and reasoning, can't keep up with the context | |
| 19/11/2025 14:15:48 | Yes, I use them weekly | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | No real change | Strongly bullish – will be a core part of serious security work | There are still a lot of false positives (hallucinations), but the system can be improved for detecting common vulnerabilities. However, the primary challenge of identifying novel vulnerabilities will still remain | |
| 19/11/2025 14:17:47 | No, not at all | | 0% (I don’t really use it) | Deep-dive analysis / exploit ideas / PoCs | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | I want to learn more about this. Don't know where and how to start | |
| 19/11/2025 14:19:29 | Yes, I use them daily | 2022 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 14:19:53 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | I feel that AI is getting better at understanding complex logics and reasoning, so I am pretty sure that sooner than expected it will find vulnerabilities that require a deep knowledge of the code and a deep analysis. | |
| 19/11/2025 14:21:20 | Yes, I use them daily | Before 2022 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bearish – useful, but mostly overhyped / risky | I think it's a good helper but the attitude towards AI is that it's going to be in the center of certain tasks which I don't like. As long as it's a helper it's amazing though. Also I don't think AI (Current existing open source tools) can actually help auditors find better bugs, it just saves time on various things so that auditors can spend more time on the actual bug finding process. | |
| 19/11/2025 14:23:22 | Yes, I use them occasionally | Before 2022 | 26–50% (used in many tasks, but not central) | Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | No real change | Neutral / unsure | ||
| 19/11/2025 14:25:31 | Yes, I use them daily | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | The fundamental issues of LLMs | |
| 19/11/2025 14:29:07 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | hallucinations | |
| 19/11/2025 14:31:59 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Slightly better | Strongly bullish – will be a core part of serious security work | There have always been steady improvements and we have different companies bringing their own AIs, so the competition will make it become better rapidly. | |
| 19/11/2025 14:32:26 | Yes, I use them daily | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | hallucinations and missing bugs | |
| 19/11/2025 14:32:44 | Yes, I use them daily | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | AI hallucinates a lot, even if you're using it just to understand code or a snippet of the code base etc., but it does help when it is not hallucinating. It is recommended to have a basic familiarity with the concepts that the AI is responding to (the "oh you're right..." thing). Also, phrasing the question correctly helps, i.e. instead of "Isn't the result of A+B is C", using "what do you think the result of A+B is" helped a lot | |
| 19/11/2025 14:34:52 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Vulnerable code confirmation (Hello mom I'm at DSS!) | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Somewhat bullish – net positive, with caveats | Mostly hallucinations. It really feels like a blackbox and it's not really reliable and will mostly try to please me. It also fails to have a big picture of a codebase especially when there are a lot of moving parts. For some reason it's really bad at finding the parts of the source code where a feature is implemented especially for big codebases. But it's powerful for small and contained code, where the things which are done are quite standard. I'm treating it as a learning tool rather than for QA. | |
| 19/11/2025 14:35:44 | Yes, I use them daily | 2023 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bearish – more harm than good | ||
| 19/11/2025 14:41:02 | Yes, I use them occasionally | 2025 | 26–50% (used in many tasks, but not central) | Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | Hallucinations | |
| 19/11/2025 14:50:37 | Yes, I use them weekly | 2023 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Rubber duck debugging style | About the same | No real change | Somewhat bullish – net positive, with caveats | Workflows will improve. There’s a lot of experimentation yet to be done | |
| 19/11/2025 14:52:22 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 14:58:29 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | Models will continue to improve, and when they can effectively utilize other types of static analysis tools, I believe they will become very good. | |
| 19/11/2025 15:00:11 | Yes, I use them daily | 2022 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 15:02:58 | Yes, I use them occasionally | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 15:07:14 | Yes, I use them daily | 2022 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | No real change | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 15:09:50 | Yes, I use them daily | 2023 | 26–50% (used in many tasks, but not central) | Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | No real change | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 15:10:34 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Speed | |
| 19/11/2025 15:12:08 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 15:16:56 | Yes, I use them daily | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs | Slightly faster (≤ 25%) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | Hallucinations, lack of consistent context and is too much of a people-pleaser, e.g. "Wow that is an amazing insight, you really blah blah blah..." | |
| 19/11/2025 15:17:04 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Neutral / unsure | I don't have such a background to answer this in a proper way, a part of my mind tells me that AI will be very useful on own environment but at the same time it's overhyped. | |
| 19/11/2025 15:20:22 | Yes, I use them occasionally | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing or reviewing fixes / mitigations | Slightly faster (≤ 25%) | I find fewer / worse issues than before | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 15:20:51 | Yes, I use them daily | 2022 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel), It finds 80% of my reported issues these days. | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Literally finding Crit/H/M issues with AI on a daily basis right now. P-doom prediction: JSR's: Already replaced SR's: 11 months 90% of LSR's: 2 Years | |
| 19/11/2025 15:22:02 | Yes, I use them daily | 2024 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Writing tests, scripts, fuzzing harnesses, or tooling | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Somewhat bearish – useful, but mostly overhyped / risky | ||
| 19/11/2025 15:23:28 | I’ve tried them, but I don’t use them regularly | | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Sorting my thoughts out by fact-checking and arguing with generative nonsense. | About the same | No real change | Somewhat bearish – useful, but mostly overhyped / risky | ||
| 19/11/2025 15:23:57 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 19/11/2025 15:44:04 | Yes, I use them daily | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | Hallucinations | |
| 19/11/2025 15:57:29 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications | Slightly faster (≤ 25%) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | False positives, hallucinations | |
| 19/11/2025 16:09:10 | Yes, I use them occasionally | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | Growth | |
| 19/11/2025 16:46:54 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | hallucinations & speed | |
| 19/11/2025 16:49:17 | Yes, I use them weekly | 2022 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | ||
| 19/11/2025 16:55:07 | Yes, I use them daily | 2023 | 26–50% (used in many tasks, but not central) | Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | Hallucinations are still a problem, but AI is finding real bugs now | |
| 19/11/2025 17:26:19 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 17:54:03 | Yes, I use them daily | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | Hallucinations, missing most bugs esp complex ones, needs more development years imo | |
| 19/11/2025 17:55:01 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | Hallucinations that require you to spend a lot of time to validate an issue | |
| 19/11/2025 18:51:14 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | new types of analysis | |
| 19/11/2025 19:01:23 | Yes, I use them daily | 2022 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 19:27:17 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | Verifying potential exploits and writing tests. | |
| 19/11/2025 20:41:13 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | Improvement in modeling, prompting, additional wrapper tooling can help get AI LLMs more adapted to finding vulnerabilities. | |
| 19/11/2025 21:08:56 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | ||
| 19/11/2025 21:18:55 | Yes, I use them daily | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Clearly better (I catch more / deeper issues) | Somewhat bullish – net positive, with caveats | touching unknown codebase helps when you have an llm that can explain it to you, at least the initial recon phase. | |
| 19/11/2025 21:21:32 | Yes, I use them daily | 2023 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Strongly bullish – will be a core part of serious security work | AI is a new tool you must know how to use properly. If not it will be like participating in a race with a horse vs someone with a car. | |
| 19/11/2025 21:35:44 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications | Slightly faster (≤ 25%) | No real change | Somewhat bearish – useful, but mostly overhyped / risky | It's much faster than googling, at the end of the day, it performs worse than an illiterate security researcher, so you need to know what you are doing “Garbage Out” is the way it clearly operates when looking for exploits also try telling it to write a simple POC, it will then proceed to generate ungodly slop that doesn't even compile, lol | |
| 19/11/2025 21:55:55 | Yes, I use them occasionally | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | speed | |
| 19/11/2025 21:57:56 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel), Also a lot for audit preparation, like creating quotes | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | It's currently not much faster/higher quality than normal auditing, because we don't trust the AI yet and still do the full manual audit, reading and understanding every line of code. Using AI as an extra add on, and like a google for code and tool to make quicker PoCs etc. | |
| 19/11/2025 22:29:34 | Yes, I use them occasionally | 2024 | 1–25% (small helper on the side) | Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | About the same | No real change | Neutral / unsure | hallucinations | |
| 19/11/2025 22:39:10 | Yes, I use them occasionally | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Strongly bullish – will be a core part of serious security work | Seems the capabilities are growing. Once someone figures out a good custom workflow for auditing — hypothesis finding with LLM, coding with other LLM, PoC generation and verification mostly automated — we might be toast. One thing it does not seem to do well though is context understanding and weighing trade-offs/intentional limitations/centralizations. | |
| 19/11/2025 22:40:58 | Yes, I use them daily | 2023 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | Slightly better | Somewhat bullish – net positive, with caveats | ||
| 20/11/2025 01:23:39 | Yes, I use them weekly | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | No real change | Strongly bullish – will be a core part of serious security work | it's the worst that it's ever going to be | |
| 20/11/2025 01:42:32 | Yes, I use them daily | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | speed and instant analysis | |
| 20/11/2025 03:14:46 | Yes, I use them occasionally | 2025 | 76–100% (I do almost everything with AI in the loop) | Understanding unfamiliar code / protocols, Writing reports, summaries, client communications | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | ||
| 20/11/2025 03:19:16 | Yes, I use them occasionally | 2024 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Somewhat bullish – net positive, with caveats | good conversational flow however struggle in remembering details (missing subtle bugs) | |
| 20/11/2025 04:36:08 | Yes, I use them occasionally | 2025 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bullish – net positive, with caveats | hallucinations, new types of analysis | |
| 20/11/2025 07:27:15 | Yes, I use them daily | 2024 | 51–75% (AI is a core part of my workflow) | Understanding unfamiliar code / protocols, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Dramatically faster (> 2× faster) | I find fewer / worse issues than before | Somewhat bullish – net positive, with caveats | ||
| 20/11/2025 08:19:11 | Yes, I use them occasionally | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Research (reading papers, standards, ecosystem intel) | Slightly faster (≤ 25%) | Slightly better | Neutral / unsure | ||
| 20/11/2025 09:10:32 | Yes, I use them weekly | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling | Clearly faster (≈ 25–100% faster) | Clearly better (I catch more / deeper issues) | Somewhat bullish – net positive, with caveats | ai still needs guidance to unearth the very critical bugs, it's great at finding low hanging fruit already | |
| 20/11/2025 09:22:28 | Yes, I use them weekly | 2024 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications, Writing tests, scripts, fuzzing harnesses, or tooling, Research (reading papers, standards, ecosystem intel) | Clearly faster (≈ 25–100% faster) | Slightly better | Strongly bullish – will be a core part of serious security work | AI specialization in 2-3 years will be massive. I expect top AI models to be better than the average SR by then | |
| 21/11/2025 02:01:27 | I’ve tried them, but I don’t use them regularly | 2024 | 1–25% (small helper on the side) | Writing tests, scripts, fuzzing harnesses, or tooling | Slightly faster (≤ 25%) | No real change | Neutral / unsure | ||
| 21/11/2025 05:31:20 | Yes, I use them daily | 2025 | 26–50% (used in many tasks, but not central) | Understanding unfamiliar code / protocols, Initial vulnerability discovery (scanning, suggestions, checklists), Deep-dive analysis / exploit ideas / PoCs | Clearly faster (≈ 25–100% faster) | Slightly better | Somewhat bearish – useful, but mostly overhyped / risky | Hallucinations and makes you lazy | |
| 21/11/2025 07:04:39 | Yes, I use them weekly | 2025 | 1–25% (small helper on the side) | Understanding unfamiliar code / protocols, Deep-dive analysis / exploit ideas / PoCs, Writing or reviewing fixes / mitigations, Writing reports, summaries, client communications | Slightly faster (≤ 25%) | No real change | Somewhat bullish – net positive, with caveats | AI as a helper is really great to help visualize the wholistic concept of the codebase especially when there's a lot of files and folders. I don't think it will be nearly as good as the human intuition needed to find critical bugs. |