I find security flaws affecting billions of people before the wrong people do.

My main target is Google. I specialize in Android, the “little” codebase running on more than 3 billion devices worldwide.

Before turning 21, I’d already reported high-severity vulnerabilities to some of the most heavily targeted companies on the planet: Google, Anthropic, AWS, and Atlassian.

I didn’t take the standard path. I left school, my job, and my country at 19 to go all-in on my passion, bug bounty.

On this account, I share my thoughts, findings, and the reality of bug bounty.