How are AI and LLMs reshaping Bug Bounty hunting in 2026? And how are hunters adapting?
We sat down with Aituglo, a Bug Bounty hunter with over four years of full-time experience, to find out. From AI-assisted recon to automated vulnerability discovery, Aituglo has been at the forefront of how LLMs are changing crowdsourced security testing. In this interview, he shares how he's using LLMs in his workflow and what it means for the future of Bug Bounty.
AI toolkit for Bug Bounty
Which AI coding agents or CLI tools are currently part of your Bug Bounty workflow, and how do you connect them to recon, code review, PoC building or report writing?
Aituglo: I mostly use Claude Code, and I let it do what I need: do the recon, install the tools, do the code review, and then it puts everything in the right folder.
Custom AI skills, agents and workflows
Do you use custom AI skills, prompts, slash commands, agents or reusable workflows? Which one gives you the biggest advantage?
Aituglo: I use the Caido AI Skill to connect the LLM agent to my proxy. I use some agents and the Playwright map to have a proper browser for it. I think the biggest advantage is that now it can use the proxy like a human, send them to the Replay tab and analyse the requests.
Best LLM for Bug Bounty
Which LLM do you trust most for Bug Bounty work today, and what does it do better than the others?
Aituglo: I think Opus 4.6/4.7 and GPT 5.5 are currently the best to use in the cyber field.
Best LLM-assisted bug find
What is the most interesting vulnerability or valid lead an LLM helped you find, and how did you go from AI suggestion to confirmed impact?
Aituglo: It was a nice chain that needed to iterate a lot to find the right path, and instead of building myself a list, the AI was able to iterate and find it the right way.
AI impact on Bug Bounty performance
How has AI changed your Bug Bounty results in terms of speed, signal quality, duplicates, report quality and accepted findings?
Aituglo: Now it’s easier to find bugs, but it’s also frustrating, as the number of people submitting bugs is huge, so the time it takes to get paid is longer. It’s also frustrating to rely only on AI and not be able to think for yourself, so it needs some tweaking.
What we can learn from Aituglo’s approach to using AI for Bug Bounty hunting
Aituglo's workflow reflects the reality of Bug Bounty hunting today. AI is not replacing hunters; it is augmenting them. Tools like Claude Code and Caido AI Skill handle recon, request analysis and iteration so hunters can focus on the creative vulnerability chaining, contextual reasoning and intuition that machines still cannot do alone.
His answers also expose a real tension in the industry. The same tools that make you faster make everyone else faster too, which means more submissions, longer payout cycles and a growing risk of letting AI do all the thinking. The hunters who come out on top are not necessarily the ones who automate the most; they’re more likely lateral thinkers who know when to let AI iterate and when to think for themselves.
Interested in emulating Aituglo? Register as a hunter on YesWeHack, sharpen your hacking skills on Dojo, or learn about the latest hacking tools and hacking techniques on our blog.