Meet the Yale student and hacker moonlighting as a cybersecurity watchdog
Alex Schapiro, a rising senior at Yale, likes to play Settlers of Catan with his friends, work on class projects, and lead a popular student website. But from his dorm room, Schapiro moonlights as an ethical hacker, uncovering security flaws in startups and tech companies before the bad guys do.
Schapiro's bug-hunting work gained traction last week after Hacker News readers had thoughts about one of his recent findings: a bug in Cerca, a buzzy dating app founded by college students that matches mutual contacts with each other. The flaw could have potentially exposed users' phone numbers and identification information, Schapiro said in a blog post.
Through an "internal investigation," Cerca concluded that the "bug had not been exploited" and resolved the issue "within hours" of speaking with Schapiro, a company spokesperson said. Cerca also reduced the amount of data it collects from users and hired an outside expert to review its code, who found no further issues, the spokesperson added. (The Yale Daily News first reported on Schapiro's findings in April.)
A frenzy of venture investment, in part fueled by advancements in AI, has hit college campuses, leading students to launch products and close fundraises quickly. And with "vibe coding," or using AI to program swiftly, becoming the norm among even the most technical builders, Schapiro is hopeful that ethical bug hunters can help startups build and scale while keeping security a top priority.
"These are real people, and this is real, sensitive data," Schapiro told BI. "It's not just going to be part of your pitch deck saying, 'hey, we have 10,000 users.'"
Building Safer Startups
Schapiro says he got his proclivity for programming from his mother, a former Bell Labs computer scientist. As many startup founders and AI researchers once did, Schapiro started building side projects in high school, using Spotify's API to curate playlists for friends and making X bots to track SEC filings.
Teaching himself how to "reverse-engineer" websites led to breaking and making them stronger — a side hustle he now uses to poke holes in real companies before bad actors can.
Ethically hacking is a popular side hustle in some tech circles. (A Reddit group dedicated to the practice called r/bugbounty has over 50,000 members.) It's a hobby that startups and tech giants stand to benefit from, as it helps them prevent data from getting in the wrong hands. Heavyweights like Microsoft, Google, Apple, and more run bug bounty programs that encourage outsiders to find and report security flaws in exchange for a financial reward.
In his first year at Yale, Schapiro found a "pretty serious vulnerability" in a company he says generates billions of dollars in annual revenue. (Schapiro declined to disclose the company, citing an NDA he signed.)
His discoveries have even led a company with "hundreds of millions of dollars in annual revenue" to start working on a bug bounty program of their own, Schapiro said. He has also been contracted by two other tech companies, including part-time work platform SideShift, to pentest their software. And last summer, he pentested Verizon's AI systems during an internship.
"As someone who uses a bunch of websites, I want my data to be taken care of," he said. "That's my mindset when I'm building something. I want to treat all the data that I'm dealing with as if it was my own data."
Joe Buglewicz for BI
Slowing His Roll
On paper, Schapiro seems like the archetype of a college-dropout-turned-founder: He has built and tested apps since childhood, and he runs CourseTable, a Yale class review database that receives over 8 million requests a month. Sometimes, Schapiro says, founders looking for a technical counterpart reach out to him, and VCs hoping to back the next wunderkind ask him when he's going to found a company.
For now, Schapiro isn't interested.
"The No. 1 thing stopping me from raising money right now is not funding," he said. "I would need to really invest a bunch of time in it, and I love the four-year liberal arts college experience."
Recently, Schapiro has found himself learning how to become a smarter computer scientist — not in a machine learning class, but in a translations course he took for his second major, Near Eastern languages and civilizations. It helped him think about how he turns English into Python efficiently and effectively.
"You meet so many interesting, cool people here, and this is a time in your life where you can really just learn things," he said. "You're not going to get that experience later in life."
While he's not ruling out the possibility of founding a company in the future, Schapiro is fine slowing his roll until graduation next May. This summer, he's interning at Amazon Web Services, where he'll work on AI and machine learning platforms.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Tom's Guide
2 hours ago
- Tom's Guide
Forget ChatGPT — these are my four favorite AI research tools
The huge sea of AI tools now available to us can do some incredible things. But for me, their best use is as an infinite guide to the world around us. Whether it is a deep research project or a quick answer to a question, AI has become the ultimate research tool. This is what I use AI for every single day, both with answering my simplest of questions and helping me understand the complex. That said, some tools just do a better job at this. Out of all the options out there right now, these are my four favorite AI research tools. Yes, we know — you're tired of hearing about chatbots… but let's talk about them some more. They are the bread-and-butter of AI tools, and when it comes to research, they absolutely thrive. While you can use any of the big names like ChatGPT, Gemini, or Deepseek, my favorite for research right now is Claude. The Anthropic-owned chatbot saw a huge upgrade with its Claude 4 models and thrives in its understanding of complicated subjects. I use Claude for everything from a quick answer to a simple question all the way through to a massive deep dive into complicated concepts and tricky-to-understand processes. Claude also offers pre-built prompts to help you learn about new topics, inputting phrases automatically for you to get the best answer. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. For those who haven't used Perplexity before, the best way to describe it is as an AI-powered Google. It's the combination of a search engine and an AI chatbot. Ask it questions, and it will search the internet, using the answers of Reddit forums, research papers, and news articles to answer whatever question you might have in immense detail. While it has some flaws, specifically around the lack of ability to do things like load maps or complete purchases, I have found that it is a better option than Google in a number of situations, especially when you want a quick and detailed answer to a complicated question. Often times, Perplexity will answer a string of questions you might have to ask Google one after the other, all in one search. I recently covered Logically, saying it was like a mix of Perplexity, NotebookLM, and ChatGPT put together. So, in theory, does that mean you don't need any of the above tools? Well, no. While Logically offers the functions of all three, it doesn't do it as well as any of them. Instead, Logically consolidates all of these features into one place, offering a very specific experience. While anyone can find use in this, whether it's for school, work, or just gathering important information, it is intended for a very focused kind of research. This isn't the tool to go for when you're doing a quick dive into a topic or just want to ask a couple of questions. Instead, Logically is what you pull out when you have a 10,000-word essay or a year-long project to keep track of. Part of the Google Gemini family, NotebookLM is a fantastic research tool. Its main use is in summarization. Give it incredibly long documents, YouTube videos, news articles, or just about any kind of source of information, and NotebookLM will summarize it, picking out key points and offering study guides, timelines, and FAQs on the information you've provided. This doesn't have to just be one source of information. You can set up projects with multiple sources of information. One of the more unique features of Notebook is that you can generate a conversation between two AI voices talking through your sources of information. It's kind of like making a podcast specifically for you.
Yahoo
6 hours ago
- Yahoo
It Makes Me Feel Sick, Says A Homeowner Watching Their Condo's Value Collapse. They Still Owe $100K More Than What A Neighbor Just Sold For
Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below. A homeowner in Southern California is reeling after discovering that a nearly identical condo unit in their building just sold for $100,000 less than what they still owe on their mortgage. The owner shared their frustration on Reddit's r/RealEstate community: "I'm feeling disheartened and slightly sick," they wrote. "To know I'm basically $100K in debt right now, after almost two years of paying a pretty high mortgage no less." Don't Miss: Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — Inspired by Uber and Airbnb – Deloitte's fastest-growing software company is transforming 7 billion smartphones into income-generating assets – The unit that sold for less is in the same complex and is the same size and layout. "Doesn't appear to be anything wrong with it either," the person noted, adding that when they bought in, comps were all at or above what they paid. Now, they say, it feels like they 'lost the timing lottery.' With a move coming up, the homeowner is weighing whether to sell at a massive loss or rent the property out. 'Panic selling just cements the loss,' the person wrote, saying they're leaning toward renting the condo out even if it means losing money each month. "Even if it stagnates for years, I still might not reach 100K in costs.' Many commenters were quick to support the idea of renting the property out instead of selling at a steep loss. One noted that in markets like Southern California, price trends are usually upward over time, and that this could just be a short-term dip. Trending: Invest Where It Hurts — And Help Millions Heal: Others brought up the benefits of holding onto a property in a high-cost area even if it means short-term losses, pointing out potential tax benefits, equity building, and a possible rebound in the market. 'I'm thinking along the same lines,' the original poster replied to one person. 'I am really not expecting prices to fall below this sale, and I think this sale even seems like an anomaly given other recent comps.' Still, people who had gone through similar experiences cautioned that being a landlord isn't easy. One shared a story of renting out a condo for over a decade, enduring bad tenants, high homeowners association dues, and needing to make expensive repairs just to get the unit back to market-ready condition. Another emphasized the importance of screening tenants carefully and having a solid financial cushion.A few people questioned whether the $100,000 discount on the other unit was even reflective of true market value. They suggested investigating whether it was a distress sale, probate, or an off-market deal that shouldn't be taken as a true comparable. OP acknowledged they hadn't spoken with a realtor yet but planned to. As for next steps, the homeowner said they were planning to put more money toward the principal balance before the move to reduce the financial hit. They reiterated their hope that holding would result in a better outcome. "Glad to hear I'm not alone," they wrote. "I am fortunately in a position where renting should be feasible. I think it's the best 'wait and see' move." Read Next: With Point, you can , which provides access to a pool of short-term loans backed by residential real estate with just a $100 article It Makes Me Feel Sick, Says A Homeowner Watching Their Condo's Value Collapse. They Still Owe $100K More Than What A Neighbor Just Sold For originally appeared on Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Wire
9 hours ago
- Business Wire
RDDT Investors Have Opportunity to Join Reddit, Inc. Fraud Investigation with the Schall Law Firm
LOS ANGELES--(BUSINESS WIRE)-- The Schall Law Firm, a national shareholder rights litigation firm, announces that it is investigating claims on behalf of investors of Reddit, Inc. ('Reddit' or 'the Company') (NYSE: RDDT) for violations of the securities laws. The investigation focuses on whether the Company issued false and/or misleading statements and/or failed to disclose information pertinent to investors. Despite a significant portion of Reddit's traffic coming from individuals performing Google searches, the Company claimed that Google's shift to AI in search results would not have a material impact on its user growth. Analyst Baird cut its price target for the Company's shares on May 21, 2025, citing its concerns on the very issue of Google's AI answers causing users to stop visiting Reddit. Based on this news, shares of Reddit fell by over 9%. If you are a shareholder who suffered a loss, click here to participate. We also encourage you to contact Brian Schall of the Schall Law Firm, 2049 Century Park East, Suite 2460, Los Angeles, CA 90067, at 310-301-3335, to discuss your rights free of charge. You can also reach us through the firm's website at or by email at bschall@ The Schall Law Firm represents investors around the world and specializes in securities class action lawsuits and shareholder rights litigation. This press release may be considered Attorney Advertising in some jurisdictions under the applicable law and rules of ethics.
