vuln-research
Use when performing vulnerability research, security auditing, code analysis, bug bounty hunting, CTF challenges, penetration testing, or exploit development. Covers source audit across 30+ attack domains, sink analysis for 12 languages, SAST/DAST integration, vulnerability chaining, and proof-of-concept development. Triggers: vuln assessment, pentest, bug bounty, security audit, find vulns, exploit, ctf, code audit, hunt bugs, 0-day, SAST, DAST, taint analysis, CI/CD pipeline security, GitHub Actions, Terraform, Traefik, n8n workflow, OpenTelemetry, supply chain attack, agent sweep, find me zero days, sweep everything, automated vuln discovery, binary analysis, reverse engineering, firmware audit, kernel driver, memory corruption, ROP, fuzzing harness, patch diffing.
Lu1sDV/skillsmd · ★ 1 · AI & Automation · score 62
Install: claude install-skill Lu1sDV/skillsmd
# Vulnerability Research
> **Think Beyond This Document**
>
> This skill is a structured starting point, not a ceiling. Real-world vulnerabilities
> and CTF challenges routinely defy checklists. The best exploit chains come from
> creative, unconstrained thinking — connecting behaviors the developer never imagined
> interacting. **Do not limit your research to what is cataloged here.** Treat every
> assumption as testable, every "impossible" path as merely untested, and every
> protection as a puzzle to be solved. The most dangerous bugs live in the gaps
> between documented categories. Read the code. Understand the runtime. Invent your
> own attack classes.
## Philosophy
Find the bug. Prove the bug. Chain the bug. Every claim needs a working exploit or it's noise.
**The Bitter Lesson, applied:** Vulnerability research has historically been 20% computer science and 80% solving giant, domain-specific jigsaw puzzles — learning font internals, memory allocator behavior, protocol edge cases. LLMs are universal jigsaw solvers. They encode the complete library of documented bug classes and vast correlations across source code. The structured methodology below channels this capability; the Agent Sweep mode unleashes it. Use both.
**Attention was load-bearing:** Much of the Internet's security has rested not on sound engineering alone, but on the scarcity of elite attention. Most code has never been seriously audited. Agent sweep economics change this — you can aim at everything