← Back to BugBunny.ai

Editorial Research

Blog

Long-form writing from BugBunny on offensive research, disclosure quality, AI-native security work, and the operating standards behind our public results.

Track Record

25

Public CVEs discovered and published in the BugBunny hall of fame.

Open Hall of Fame →
BugBunnyHackerOneSignal 7.00

March 20266 min read

Precision Over Volume: Why BugBunny's Signal Stands Out

BugBunny's public record is defined by precision: 25 CVEs, concise reports, and a 7.00 HackerOne signal that emphasizes relevance over noise.

BugBunny.aiRead article →
Featured Research5 RCEGoogle VRP

January 202612 min read

How We Found 5 Ways to Hack Any Developer Using Google Gemini CLI

Clone a repo. Type gemini. In 3 seconds, an attacker has your AWS keys, GitHub tokens, and everything else in your environment.

BugBunny.aiRead article →
Blog | BugBunny.ai | BugBunny.ai