Meet the Yale student and hacker moonlighting as a cybersecurity watchdog
Schapiro's bug-hunting work gained traction last week after Hacker News readers had thoughts about one of his recent findings: a bug in Cerca, a buzzy dating app founded by college students that matches mutual contacts with each other. The flaw could have potentially exposed users' phone numbers and identification information, Schapiro said in a blog post.
Through an "internal investigation," Cerca concluded that the "bug had not been exploited" and resolved the issue "within hours" of speaking with Schapiro, a company spokesperson said. Cerca also reduced the amount of data it collects from users and hired an outside expert to review its code, who found no further issues, the spokesperson added. (The Yale Daily News first reported on Schapiro's findings in April.)
A frenzy of venture investment, in part fueled by advancements in AI, has hit college campuses, leading students to launch products and close fundraises quickly. And with "vibe coding," or using AI to program swiftly, becoming the norm among even the most technical builders, Schapiro is hopeful that ethical bug hunters can help startups build and scale while keeping security a top priority.
"These are real people, and this is real, sensitive data," Schapiro told BI. "It's not just going to be part of your pitch deck saying, 'hey, we have 10,000 users.'"
Building Safer Startups
Schapiro says he got his proclivity for programming from his mother, a former Bell Labs computer scientist. As many startup founders and AI researchers once did, Schapiro started building side projects in high school, using Spotify's API to curate playlists for friends and making X bots to track SEC filings.
Teaching himself how to "reverse-engineer" websites led to breaking and making them stronger — a side hustle he now uses to poke holes in real companies before bad actors can.
Ethically hacking is a popular side hustle in some tech circles. (A Reddit group dedicated to the practice called r/bugbounty has over 50,000 members.) It's a hobby that startups and tech giants stand to benefit from, as it helps them prevent data from getting in the wrong hands. Heavyweights like Microsoft, Google, Apple, and more run bug bounty programs that encourage outsiders to find and report security flaws in exchange for a financial reward.
In his first year at Yale, Schapiro found a "pretty serious vulnerability" in a company he says generates billions of dollars in annual revenue. (Schapiro declined to disclose the company, citing an NDA he signed.)
His discoveries have even led a company with "hundreds of millions of dollars in annual revenue" to start working on a bug bounty program of their own, Schapiro said. He has also been contracted by two other tech companies, including part-time work platform SideShift, to pentest their software. And last summer, he pentested Verizon's AI systems during an internship.
"As someone who uses a bunch of websites, I want my data to be taken care of," he said. "That's my mindset when I'm building something. I want to treat all the data that I'm dealing with as if it was my own data."
Joe Buglewicz for BI
Slowing His Roll
On paper, Schapiro seems like the archetype of a college-dropout-turned-founder: He has built and tested apps since childhood, and he runs CourseTable, a Yale class review database that receives over 8 million requests a month. Sometimes, Schapiro says, founders looking for a technical counterpart reach out to him, and VCs hoping to back the next wunderkind ask him when he's going to found a company.
For now, Schapiro isn't interested.
"The No. 1 thing stopping me from raising money right now is not funding," he said. "I would need to really invest a bunch of time in it, and I love the four-year liberal arts college experience."
Recently, Schapiro has found himself learning how to become a smarter computer scientist — not in a machine learning class, but in a translations course he took for his second major, Near Eastern languages and civilizations. It helped him think about how he turns English into Python efficiently and effectively.
"You meet so many interesting, cool people here, and this is a time in your life where you can really just learn things," he said. "You're not going to get that experience later in life."
While he's not ruling out the possibility of founding a company in the future, Schapiro is fine slowing his roll until graduation next May. This summer, he's interning at Amazon Web Services, where he'll work on AI and machine learning platforms.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Associated Press
an hour ago
- Associated Press
RDDT LAWSUIT ALERT: Levi & Korsinsky Notifies Reddit, Inc. Investors of a Class Action Lawsuit and Upcoming Deadline
NEW YORK - July 2, 2025 ( NEWMEDIAWIRE ) - Levi & Korsinsky, LLP notifies investors in Reddit, Inc. ('Reddit, Inc.' or the 'Company') (NYSE: RDDT) of a class action securities lawsuit. CLASS DEFINITION: The lawsuit seeks to recover losses on behalf of Reddit, Inc. investors who were adversely affected by alleged securities fraud between October 29, 2024 and May 20, 2025. Follow the link below to get more information and be contacted by a member of our team: RDDT investors may also contact Joseph E. Levi, Esq. via email at [email protected] or by telephone at (212) 363-7500. CASE DETAILS: The filed complaint alleges that defendants made false statements and/or concealed that: (i) changes in Google Search's algorithm and features like AI Overview were causing users to stop their query on Google Search; (ii) these algorithm changes were materially different than prior instances of reduced traffic to the Reddit website; (iii) defendants were aware that the increase in the query term 'Reddit' on search engines was because users were getting the sought after answer from Google Search without having to go to Reddit, and not because they intended to visit Reddit; (iv) this zero-click search reality was dramatically reducing traffic to Reddit in a manner the Company was unable to overcome in the short term; (v) defendants, therefore, lacked a reasonable basis for their outlook on user rates and advertising revenues; and (vi) as a result, the Company's public statements were materially false and misleading at all relevant times. WHAT'S NEXT? If you suffered a loss in Reddit, Inc. during the relevant time frame, you have until August 18, 2025 to request that the Court appoint you as lead plaintiff. Your ability to share in any recovery doesn't require that you serve as a lead plaintiff. Your ability to share in any recovery doesn't require that you serve as a lead plaintiff. To learn more about this case, subscribe to the Bulls & Betrayals podcast, which features a dedicated episode unpacking the allegations against Reddit, Inc.. Listen now and find out if you are eligible to join the lawsuit. NO COST TO YOU: If you are a class member, you may be entitled to compensation without payment of any out-of-pocket costs or fees. There is no cost or obligation to participate. WHY LEVI & KORSINSKY: Over the past 20 years, the team at Levi & Korsinsky has secured hundreds of millions of dollars for aggrieved shareholders and built a track record of winning high-stakes cases. Our firm has extensive expertise representing investors in complex securities litigation and a team of over 70 employees to serve our clients. For seven years in a row, Levi & Korsinsky has ranked in ISS Securities Class Action Services' Top 50 Report as one of the top securities litigation firms in the United States. CONTACT: Levi & Korsinsky, LLP Joseph E. Levi, Esq. Ed Korsinsky, Esq. 33 Whitehall Street, 17th Floor New York, NY 10004 [email protected] Tel: (212) 363-7500 Fax: (212) 363-7171
CNET
3 hours ago
- CNET
Nintendo Switch 2 Joy-Con Issues? It Might Just Be Your HDMI Cable
As the Switch 2 continues to sell in the millions for Nintendo, it shouldn't be a surprise that there'd be some issues with the console. It appears, however, that one problem Switch 2 owners are facing is actually just a matter of using the wrong cable. Reddit users have posted about their Joy-Cons disconnecting when they're playing on their Switch 2 while it's docked, an issue spotted earlier by IGN. It does appear that, luckily, the issue can be resolved by using the included HDMI cable for the Switch 2 rather than an older, slower one -- including the cable that came with the original Nintendo Switch. Nintendo laid out the solution on its support page for when the Joy-Con 2 starts disconnecting from the console: Confirm that you're using an "Ultra High Speed" HDMI cable to connect the dock to the TV. If it's not Ultra High Speed, your console won't perform as expected when docked. If you're using a different cable than the one that came with the console, it should have printed on the cable that it's "Ultra High Speed." The HDMI cable that came with the Nintendo Switch is not "Ultra High Speed" and should not be used with the Nintendo Switch 2 dock. Nintendo didn't immediately respond to a request for comment about the source of this issue. Since the Switch 2 launch, many gamers have come to realize that Nintendo's new console is very picky about what cables are connected to it. This goes for the HDMI cable as well as the power cable. While the new and old Switch share the same name, they don't share the same components. The Switch 2 is a huge upgrade in graphics power over the 2017 console, which means it needs the appropriate power supply. Not providing the Switch 2 with sufficient power could likely cause some issues, especially if the system has to do a lot of work to run a game.
Yahoo
3 hours ago
- Yahoo
We're Fighting Over Scraps Now': How Memecoins and VC Money Killed the Crypto Dream That Made Early Investors Rich
Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below. The cryptocurrency world is experiencing an identity crisis. While Bitcoin recently surged past $100,000, a growing chorus of investors is questioning whether the broader crypto market has fundamentally broken—and whether the altcoin boom days are gone for good. The debate exploded on Reddit's r/CryptoCurrency forum when one user made a stark declaration: 'Crypto died in 2021 and we have been trading the corpse ever since.' The post, which garnered hundreds of responses, has crystallized a growing sentiment that the cryptocurrency landscape has permanently shifted from opportunity to exploitation. Don't Miss: — no wallets, just price speculation and free paper trading to practice different strategies. Grow your IRA or 401(k) with Crypto – . The original poster argues that cryptocurrency has transformed from a revolutionary financial movement into a sophisticated extraction machine benefiting primarily venture capitalists and exchange founders. 'The belief system that made this industry work has completely collapsed,' the OP wrote, pointing to what they see as the end of genuine innovation and community-driven projects. Unlike the optimistic days of 2017, when new blockchain projects sparked authentic excitement, today's launches are viewed through a more cynical lens. The numbers appear to support some of these concerns. Where platforms like OpenSea extracted billions during the 2021 NFT boom, current market participants describe 'fighting over scraps.' The promised altcoin season following Bitcoin's historic $100,000 breakthrough never materialized as expected. One frustrated investor echoed this sentiment: 'Alt season never really came back. Everything is either a scam or rug pull. 99% of tokens don't have any use case.' A key factor in this shift appears to be the rise of memecoins and quick-flip tokens, which critics argue have drained retail investor capital from more substantial projects. Instead of money flowing into innovative blockchain technologies, investors are chasing increasingly speculative bets on coins with names like 'Fartcoin.' 'Memecoins/scam coins drained all liquidity from normies,' explained one community member. 'No alt season anymore, this bull market is different compared to previous [cycles], most alt coins are dying off, and most money is going into BTC instead.' This dynamic has created what some see as a fundamental barrier to new market entrants. 'Anyone who would have bought into crypto already has and lost all their money,' the original poster argued, suggesting the pool of potential new investors has been effectively exhausted. Trending: New to crypto? on Coinbase. Interestingly, even the most pessimistic voices in the discussion largely exempted Bitcoin from their criticism. While declaring altcoins permanently impaired, many acknowledged Bitcoin's unique position as digital gold and its continued institutional adoption. 'BTC has an actual use case; getting money where the financial institutions can't. Also instantaneous money transfer. And of course no chargebacks,' wrote one defender. Bitcoin maximalists seized on the discussion to reinforce their long-held belief that most cryptocurrencies are unnecessary distractions from Bitcoin's core value proposition. 'If you don't understand / make a distinction between 'crypto' shitcoins and Bitcoin, there's nothing we can do to help you,' one wrote. Not everyone accepts the doom-and-gloom narrative. A significant portion of the community pushed back with data-driven optimism, pointing to recent institutional adoption and regulatory clarity as signs that crypto's biggest growth phase may still lie ahead. 'Big money has not even legally been able to buy BTC,' argued one respondent. 'Banks, countries, corporations, wealth or pension funds, etc were not able to buy (market caps were too risky and laws were not there). Laws are changing in front of us now.' These optimists point to impressive returns even during supposedly 'dead' periods. Bitcoin holders who bought during 2021's lows at $29,000-$46,000 are sitting on 200%-300% gains today. Ethereum buyers at $900 and Solana investors at $10 have seen substantial returns despite the broader market malaise. Perhaps most tellingly, some community members argued that focusing on price action misses the point entirely. Blockchain development continues regardless of token values, with new financial products and technological innovations emerging constantly. 'The tech. doesn't. care. about. price,' one developer noted. 'We build again and again, better products, better financial assets... a ton of projects right now in the works.' This perspective suggests that while the speculative mania of 2021 may indeed be over, the underlying technological revolution continues to advance—potentially setting the stage for more sustainable heated debate reveals a market in transition, caught between speculative excess and technological maturation. For investors, several key takeaways emerge: For Risk-Averse Investors: The consensus seems to favor Bitcoin as the most defensible cryptocurrency investment, with its institutional adoption and finite supply providing clearer investment thesis than most alternatives. For Altcoin Speculators: The days of easy 100x returns on random tokens appear largely over. Success now requires significantly more capital, research, and timing than in previous cycles. For Long-Term Believers: Those focused on blockchain technology rather than quick profits may find current conditions ideal for building positions in fundamentally sound projects at reduced valuations. Whether crypto 'died' in 2021 or is simply maturing depends largely on one's definition of success. If success means retail investors easily multiplying small investments into life-changing wealth, then the current environment does appear more challenging. However, if success means building sustainable, regulation-compliant financial infrastructure that can serve institutional and retail users alike, then the current 'boring' phase might represent necessary growing pains rather than death throes. The Japanese stock market comparison raised by the original poster is particularly sobering—Japan's Nikkei index took over 30 years to return to its 1989 highs despite continued economic growth and monetary expansion. As one community member noted: 'When BTC was 1k, people were saying what you're saying, when it hit 20k people were saying what you're saying.' Whether this pattern continues or breaks may determine whether crypto's critics or champions prove correct in the long run. Read Next: Named a TIME Best Invention and Backed by 5,000+ Users, Kara's Air-to-Water Pod Cuts Plastic and Costs — Image: Shutterstock This article We're Fighting Over Scraps Now': How Memecoins and VC Money Killed the Crypto Dream That Made Early Investors Rich originally appeared on
