How LLMs are changing Bug Bounty: an interview with Icare

July 7, 2026

How LLMs are changing Bug Bounty, interview number three: Icare

Every hunter builds a different relationship with AI. In our previous interview, Aituglo showed us how he plugs LLMs into his proxy to browse targets and analyse requests.

This time, we’re catching up with Icare – a hunter who has taken a very different path. Whereas Aituglo connects AI to his existing toolkit, Icare has built something closer to an autonomous research platform. Same questions, very different answers.

AI toolkit for Bug Bounty

Which AI coding agents or CLI tools are currently part of your Bug Bounty workflow, and how do you connect them to recon, code review, PoC building or report writing?

My main setup is the Claude Code CLI running as a persistent assistant I call Jarvis. The name is a little Iron Man tribute – I’m a fan, and my bot plays the part. Every command I give, it comes back with a “Yes, sir”. Small detail, but it makes the workflow feel like piloting something rather than just running a tool.

Jarvis is combined with the OpenClaw multi-agent framework. It runs on its own dedicated VPS and operates largely on its own: it self-provisions its environment, installs and updates the tools it needs on demand (subfinder, nuclei, ffuf, decompilers, custom fuzzers, whatever the target calls for), manages its own dependencies and Python/Node environments, and maintains long-running audit jobs across sessions.

I don't SSH in to maintain it – Jarvis handles its own infrastructure, and I just talk to it. For recon I still use traditional tools (subfinder, nuclei, ffuf), plus a custom recon tool built by Lucien Doustaly (@wlayzz) that I’ve integrated directly into my setup, but everything analytical goes through Claude.

For code review, I point Jarvis at source code or decompiled binaries and run targeted agents – one for static analysis, one for dynamic testing via SSH, one for report writing, all in parallel.

For PoC building, I describe the vulnerability chain and Jarvis drafts and iterates exploit code that I then validate and adapt. For report writing, the agent reads the raw findings and formats a YesWeHack-ready report, which I review before submission.

The real power is multi-agent orchestration: I can run 5–6 Opus agents simultaneously on different attack angles of the same target while I focus on other things. And because Jarvis is self-managing on its VPS, those agents keep working whether my laptop is open or not.

Our analysis: What stands out immediately is the level of autonomy Icare has engineered into his workflow. Where some hunters use LLMs as an interactive pair - ask a question, get an answer - Icare treats Claude Code as a self-sustaining operator. Jarvis provisions its own environment, manages its own tooling, and runs multi-hour audit jobs without supervision. The hunter's role shifts: less hands-on-keyboard, more strategic direction.

Custom AI skills, agents and workflows

Do you use custom AI skills, prompts, slash commands, agents or reusable workflows? Which one gives you the biggest advantage?

Yes. I use custom OpenClaw skills for specific workflows: security-toolkit for bug bounty recon pipelines, hunt-java-gadgets for deserialization research, and custom agent prompts I’ve tuned over months for web audit, .NET reversing, and hardware research.

What's interesting is that Jarvis maintains its own skill library. It pulls in current vulnerability research, write-ups and CVE post-mortems as they’re published, and drafts candidate skills for each vulnerability class – one per OWASP Top 10 category (injection, broken access control, SSRF, cryptographic failures, etc), each with its own detection heuristics, payload patterns and verification routines. I review and merge the ones worth keeping and prune the rest.

The library grows as new techniques get published, without me having to write each skill from scratch. The biggest advantage is mission-mode: I describe the target and objective, Jarvis spins up numbered agents (Agent 10, 11, 12...), each with a specific role, they collaborate through shared files, and I get a synthesis I can act on.

Our analysis: Most hunters build their tooling manually and update it when they remember to. Icare has flipped that: Jarvis ingests fresh vulnerability research and proposes new detection skills autonomously. The human still curates, but the pipeline for turning public research into actionable tooling is largely automated.

Best LLM for Bug Bounty

Which LLM do you currently trust most for Bug Bounty work, and what does it do better than the others?

Claude Opus for deep research and novel vulnerability discovery – it reasons through multi-step attack chains without losing track. Claude Sonnet for speed on routine tasks (recon synthesis, report drafting, quick code review).

What Claude does better than others: it holds complex technical context across long sessions, and it reasons about why an attack vector won't work before I waste time testing it.

On one recent target, Opus invalidated three of my five initial hypotheses in the first hour by walking the code paths and showing me the guard clauses I had missed – that's hours of dead-end testing I didn't have to do. It also writes exploit code that actually compiles, which sounds trivial until you’ve spent an evening fighting hallucinated APIs from other models.

Our analysis: Icare uses different Claude models for different speeds Opus for deep work, Sonnet for routine tasks. But the detail about Opus *disproving* hypotheses is telling: the value isn't just in finding bugs, it's in killing bad leads early and saving hours that would otherwise vanish into dead-end testing.

Best LLM-assisted bug find

What is the most interesting vulnerability or valid lead an LLM helped you find, and how did you go from AI suggestion to confirmed impact?

A recent example: a private YesWeHack program with a .NET stack, a server application plus several desktop clients. The program had received very few reports before, which is usually a sign that the target is either well-hardened or under-explored.

I deployed the whole setup on a Windows VM and tasked Jarvis with mapping and auditing the stack. It reversed the .NET assemblies, mapped the attack surface across both server and clients, and identified 22 reportable issues in a few hours of agent runtime (RCE, XXE and others), plus a couple of evenings on my side for verification, PoC adjustment and writing up the reports. All 22 were accepted.

Solo, that audit would have taken me much longer than a week. I was facing a complete black box. No documentation, no idea how the application worked internally, no visibility on the API calls between the clients and server, no map of the protocols in use. I would have spent days just understanding the architecture before even starting to look for bugs. Jarvis collapsed that discovery phase into a couple of hours by reversing and mapping everything in parallel.

The most interesting finding in the batch was a .NET deserialization vulnerability that Jarvis surfaced while reversing the assemblies – the kind of bug you only catch when you can actually read through the binary and reason about the type handling, not just fuzz the surface. It led to RCE on the server. I can't go into more detail while disclosure is pending.

Our analysis: The numbers speak for themselves. But beyond the count, it's the nature of the target that matters: a thick-client .NET stack with zero documentation is the kind of program hunters could scroll past because the initial investment feels too steep. Icare's multi-agent setup turned a week-long reverse engineering effort into an afternoon, and the deserialization-to-RCE chain is exactly the kind of deep architectural bug that surface-level fuzzing will never catch.

AI impact on Bug Bounty performance

How has AI changed your Bug Bounty results in terms of speed, signal quality, duplicates, report quality and accepted findings?

Speed: a multi-target audit that took three days now takes one afternoon of agent runtime plus my review.

Signal quality: fewer rabbit holes. Jarvis validates hypotheses before I spend time on them, and surfaces the guard clauses I would have missed.

Duplicates: lower rate on under-explored targets because Jarvis covers more surface upfront – roughly unchanged on saturated programs where everyone is already running similar tooling.

Report quality: significantly better structured and CVSS-scored, with reproduction steps written during the test, not after.

Accepted findings: higher ratio – better-documented reports get triaged faster.

The shift is from me being the analyst to me being the director. I define the target and the methodology, Jarvis executes, synthesises, and surfaces what's worth my attention – and I'm still the one making the call on every finding before it goes out.

What we can learn from Icare’s approach to using AI for Bug Bounty hunting

The scale of what Icare has built is hard to ignore: 22 findings on a single engagement, hypothesis validation that kills dead ends before they cost hours, and a self-maintaining skill library that evolves with the threat landscape. Each interview in this series reveals a different way hunters are weaving AI into their process, and Icare’s leans heavily into delegation and autonomy.

But the most important line in the entire interview might be the last one: “I'm still the one making the call on every finding before it goes out.” However automated the bug hunt becomes, judgement by shrewd human experts remains pivotal.

Stay tuned for the next instalment in this series, with more inspiration for integrating LLMs into your Bug Bounty workflow and improving your results. 🤘