Meet the Yale student and hacker moonlighting as a cybersecurity watchdog

Alex Schapiro, a rising senior at Yale, likes to play Settlers of Catan with his friends, work on class projects, and lead a popular student website. But from his dorm room, Schapiro moonlights as an ethical hacker, uncovering security flaws in startups and tech companies before the bad guys do.
Schapiro's bug-hunting work gained traction last week after Hacker News readers had thoughts about one of his recent findings: a bug in Cerca, a buzzy dating app founded by college students that matches mutual contacts with each other. The flaw could have potentially exposed users' phone numbers and identification information, Schapiro said in a blog post.
Through an "internal investigation," Cerca concluded that the "bug had not been exploited" and resolved the issue "within hours" of speaking with Schapiro, a company spokesperson said. Cerca also reduced the amount of data it collects from users and hired an outside expert to review its code, who found no further issues, the spokesperson added. (The Yale Daily News first reported on Schapiro's findings in April.)
A frenzy of venture investment, in part fueled by advancements in AI, has hit college campuses, leading students to launch products and close fundraises quickly. And with "vibe coding," or using AI to program swiftly, becoming the norm among even the most technical builders, Schapiro is hopeful that ethical bug hunters can help startups build and scale while keeping security a top priority.
"These are real people, and this is real, sensitive data," Schapiro told BI. "It's not just going to be part of your pitch deck saying, 'hey, we have 10,000 users.'"
Building Safer Startups
Schapiro says he got his proclivity for programming from his mother, a former Bell Labs computer scientist. As many startup founders and AI researchers once did, Schapiro started building side projects in high school, using Spotify's API to curate playlists for friends and making X bots to track SEC filings.
Teaching himself how to "reverse-engineer" websites led to breaking and making them stronger — a side hustle he now uses to poke holes in real companies before bad actors can.
Ethically hacking is a popular side hustle in some tech circles. (A Reddit group dedicated to the practice called r/bugbounty has over 50,000 members.) It's a hobby that startups and tech giants stand to benefit from, as it helps them prevent data from getting in the wrong hands. Heavyweights like Microsoft, Google, Apple, and more run bug bounty programs that encourage outsiders to find and report security flaws in exchange for a financial reward.
In his first year at Yale, Schapiro found a "pretty serious vulnerability" in a company he says generates billions of dollars in annual revenue. (Schapiro declined to disclose the company, citing an NDA he signed.)
His discoveries have even led a company with "hundreds of millions of dollars in annual revenue" to start working on a bug bounty program of their own, Schapiro said. He has also been contracted by two other tech companies, including part-time work platform SideShift, to pentest their software. And last summer, he pentested Verizon's AI systems during an internship.
"As someone who uses a bunch of websites, I want my data to be taken care of," he said. "That's my mindset when I'm building something. I want to treat all the data that I'm dealing with as if it was my own data."
Joe Buglewicz for BI
Slowing His Roll
On paper, Schapiro seems like the archetype of a college-dropout-turned-founder: He has built and tested apps since childhood, and he runs CourseTable, a Yale class review database that receives over 8 million requests a month. Sometimes, Schapiro says, founders looking for a technical counterpart reach out to him, and VCs hoping to back the next wunderkind ask him when he's going to found a company.
For now, Schapiro isn't interested.
"The No. 1 thing stopping me from raising money right now is not funding," he said. "I would need to really invest a bunch of time in it, and I love the four-year liberal arts college experience."
Recently, Schapiro has found himself learning how to become a smarter computer scientist — not in a machine learning class, but in a translations course he took for his second major, Near Eastern languages and civilizations. It helped him think about how he turns English into Python efficiently and effectively.
"You meet so many interesting, cool people here, and this is a time in your life where you can really just learn things," he said. "You're not going to get that experience later in life."
While he's not ruling out the possibility of founding a company in the future, Schapiro is fine slowing his roll until graduation next May. This summer, he's interning at Amazon Web Services, where he'll work on AI and machine learning platforms.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Yahoo

36 minutes ago

• Yahoo

A Jobseeker Says Reddit Paints A Bleak Job Market. But Then Admits People Are Still Getting 'Hired Every Single Day. That's A Fact'

After spending time in multiple career-related subreddits, one Reddit user had a realization that registered with people: Reddit sometimes makes the job market look worse than it really is. 'I've been trying to switch careers recently and joined a bunch of subreddits — tech, healthcare, education, engineering, etc.,' the original poster wrote. 'And in every single one, it's the same thing: 'No jobs' 'The market is dead' 'Everything's saturated' 'You should've started 10 years ago'.' But they pushed back on the despair. 'People get hired every single day. That's a fact,' they said. 'The people who are getting jobs aren't posting here. The ones who are stuck are the ones who are venting.' Don't Miss: Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — Peter Thiel turned $1,700 into $5 billion—now accredited investors are eyeing this software company with similar breakout potential. Learn how you can Their perspective resonated, especially as others chimed in with their experiences. 'I got laid off at the beginning of the year and was terrified because I'm here lurking a lot,' one person commented. 'Luckily, I'm pretty good at interviewing and landed a [work-from-home] job maybe two weeks after. I never posted about how fast I was able to find work, so what you say is true.' Others said the negativity isn't universal across fields. 'Tech jobs in education, medical, and finance are booming right now. I moved companies earlier this year and did not have any trouble finding another fully remote position for a significant raise,' one person added. Still, the thread also highlighted the brutal side of the market. Many shared long stretches of unemployment and feelings of defeat. One mid-level developer said they'd sent out over 100 applications in four weeks and heard back from only five. 'I'm not the best interviewee and am a poster child for, 'if it wasn't for bad luck, I'd have no luck at all.'' Trending: Invest early in CancerVax's breakthrough tech aiming to disrupt a $231B market. New graduates, in particular, seemed to bear the brunt of the pain. 'Some have literally been unemployed for 2-3 years now,' another person said of recent tech grads. 'One of [my friends] is a camp counselor at a coding camp. The other, working IT at a warehousing startup.' He described them as 'Smart kids, high 90's in HS and 3.8 and above GPA in university.' The nursing and teaching sectors drew mixed responses. Many users acknowledged that these fields continue to experience high demand due to staffing shortages, burnout, and high turnover. However, some pointed out that employers often prefer experienced workers, leaving recent graduates without opportunities to gain that very experience. Others emphasized how working conditions and pay in these sectors contribute to why positions remain unfilled, with some describing the workload and pressure as overwhelming despite the steady demand for workers. Reddit's tendency to skew toward doom and gloom was a recurring point. 'Reddit as a collective has the mentality of a depressed 16-year-old. It definitely shouldn't be used as a barometer for anything,' one person joked. Another added, 'It's like reading reviews on Amazon. People only post something negative, while positive is rarely posted.'In the end, the original poster urged job seekers to stay the course. 'Don't let [Reddit] convince you that nothing is working anywhere for anyone. That's just not true. If you're feeling discouraged, I get it. But keep going. You're probably doing better than you think.' Recent data from the U.S. Bureau of Labor Statistics paints a mixed yet still functional employment picture. In May, employers added 139,000 nonfarm payroll jobs, keeping the unemployment rate steady at 4.2%. Job gains were led by health care, leisure and hospitality and social assistance. While federal government payrolls declined, private-sector hiring continued. Though slower than prior months, growth continues, supporting the idea that 'people get hired every single day.' Read Next: Many are using retirement income calculators to check if they're on pace —Up Next: Transform your trading with Benzinga Edge's one-of-a-kind market trade ideas and tools. Click now to access unique insights that can set you ahead in today's competitive market. Get the latest stock analysis from Benzinga? APPLE (AAPL): Free Stock Analysis Report TESLA (TSLA): Free Stock Analysis Report This article A Jobseeker Says Reddit Paints A Bleak Job Market. But Then Admits People Are Still Getting 'Hired Every Single Day. That's A Fact' originally appeared on © 2025 Benzinga does not provide investment advice. All rights reserved.

Yahoo

2 hours ago

• Yahoo

A First-Time Buyer Was Shocked When Their Escrow Shot Up. Turns Out, A Fixed Rate Doesn't Protect You From Tax And Insurance Hikes

Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below. When a Reddit user and their husband bought a home in 2021, they felt confident with their $1,250 monthly mortgage payment. It was a fixed-rate loan, and they had budgeted carefully. But that confidence quickly turned to confusion when their payment jumped to $1,600. At first, the couple thought their private mortgage insurance had increased. 'We've been in contact with our lender and they said the only way to get off the PMI is to get a home appraisal above $331K,' the person wrote in the r/FirstTimeHomeBuyer subreddit recently. So, her husband paid $500 for an appraisal that did meet the target value. But the lender said it was invalid because the appraiser wasn't on their approved list. They were told they'd need to pay $650 for another appraisal through the lender's channels. Don't Miss: Maker of the $60,000 foldable home has 3 factory buildings, 600+ houses built, and big plans to solve housing — Peter Thiel turned $1,700 into $5 billion—now accredited investors are eyeing this software company with similar breakout potential. Learn how you can Redditors were quick to point out what was really going on. 'Your PMI does not go up. Only your escrow for insurance and taxes can go up,' one top commenter said. Another added, 'Interagency appraisal guidelines prohibit financial institutions from using appraisals ordered directly by the borrower.' The original poster later confirmed what many had suspected: 'I asked our mortgage lender to send our last few escrow reports and it was in fact our hazard insurance causing the increase, not our PMI like we originally thought.' The takeaway was this: even with a fixed interest rate, escrow payments can shift drastically because of tax reassessments and insurance hikes. 'Be prepared for your escrow—property taxes and insurance—to go up even if you got a 'fixed rate' mortgage,' the OP warned. Trending: , which provides access to a pool of short-term loans backed by residential real estate with just a $100 minimum. Many commenters shared similar stories. One person said their mortgage payment rose by $800 due to an insurance lapse and property tax increase. Others explained how taxes often spike after a property changes hands, since previous owners may have had exemptions or lower assessments. 'My homeowners insurance went from $1,400 to $2,800 over a three-year span,' one person said. 'I shopped and found insurance with the same coverage for $1,300 again, only to be told they wouldn't cover the house due to them feeling the roof was old. I was forced to spend $12,000 for a new roof in 30 days.'The good news is that there are options. Homeowners can shop around for better insurance rates, dispute property tax assessments, and ask lenders for a broker price opinion instead of a full appraisal to remove PMI. 'I requested the PMI to be removed and was given two options,' one person explained. 'I went with the BPO and it was only $140. Ten days later, my PMI was removed.' Others suggested reviewing escrow statements annually and proactively paying shortages to avoid ballooning payments. 'If you pay the $1200 shortfall, you will owe $100 more a month. If you don't pay it off all at once, you will owe $200 more a month because you're paying the shortfall plus the extra $100 monthly,' one commenter warned. As for the original poster, she ended the thread with a lesson for others: 'As much as some people like to act like home buying and everything involved is intuitive and common sense, it's really not. So I hope you all can learn from our boo boo.' Read Next: Maximize saving for your retirement and cut down on taxes: . This Jeff Bezos-backed startup will allow you to .This article A First-Time Buyer Was Shocked When Their Escrow Shot Up. Turns Out, A Fixed Rate Doesn't Protect You From Tax And Insurance Hikes originally appeared on Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data

Associated Press

3 hours ago

• Associated Press

Class Action Announcement RDDT: A Securities Fraud Class Action Lawsuit Was Filed Against Reddit, Inc. (RDDT)

RADNOR, PA - June 21, 2025 ( NEWMEDIAWIRE ) - The law firm of Kessler Topaz Meltzer & Check, LLP ( ) informs investors that a securities class action lawsuit has been filed against Reddit, Inc. ('Reddit') ( NYSE: RDDT ) on behalf of those who purchased or otherwise acquired Reddit securities between October 29, 2024, and May 20, 2025, inclusive (the 'Class Period'). The lead plaintiff deadline is August 18, 2025. CONTACT KESSLER TOPAZ MELTZER & CHECK, LLP: If you suffered Reddit losses, you may CLICK HERE or copy and paste the following link into your browser: You can also contact attorney Jonathan Naji, Esq. by calling (484) 270-1453 or by email at [email protected]. DEFENDANTS' ALLEGED MISCONDUCT: The complaint alleges that, throughout the Class Period, Defendants made false and/or misleading statements and/or failed to disclose that: (1) changes in Google Search's algorithm and features like AI Overview were causing users to stop their query on Google Search; (2) these algorithm changes were materially different than prior instances of reduced traffic to the Reddit website; (3) Defendants were aware that the increase in the query term 'Reddit' on search engines was because users were getting the sought after answer from Google Search without having to go to Reddit, and not because they intended to visit Reddit; (4) this zero-click search reality was dramatically reducing traffic to Reddit in a manner the company was unable to overcome in the short term; (5) Defendants, therefore, lacked a reasonable basis for their outlook on user rates and advertising revenues; and (6) as a result, the company's public statements were materially false and misleading at all relevant times. THE LEAD PLAINTIFF PROCESS: Reddit investors may, no later than August 18, 2025, seek to be appointed as a lead plaintiff representative of the class through Kessler Topaz Meltzer & Check, LLP or other counsel, or may choose to do nothing and remain an absent class member. A lead plaintiff is a representative party who acts on behalf of all class members in directing the litigation. The lead plaintiff is usually the investor or small group of investors who have the largest financial interest and who are also adequate and typical of the proposed class of investors. The lead plaintiff selects counsel to represent the lead plaintiff and the class and these attorneys, if approved by the court, are lead or class counsel. Your ability to share in any recovery is not affected by the decision of whether or not to serve as a lead plaintiff. Kessler Topaz Meltzer & Check, LLP encourages Reddit investors who have suffered significant losses to contact the firm directly to acquire more information. CLICK HERE TO SIGN UP FOR THE CASE OR GO TO: ABOUT KESSLER TOPAZ MELTZER & CHECK, LLP: Kessler Topaz Meltzer & Check, LLP prosecutes class actions in state and federal courts throughout the country and around the world. The firm has developed a global reputation for excellence and has recovered billions of dollars for victims of fraud and other corporate misconduct. All of our work is driven by a common goal: to protect investors, consumers, employees and others from fraud, abuse, misconduct and negligence by businesses and fiduciaries. The complaint in this action was not filed by Kessler Topaz Meltzer & Check, LLP. For more information about Kessler Topaz Meltzer & Check, LLP please visit CONTACT: Kessler Topaz Meltzer & Check, LLP Jonathan Naji, Esq. (484) 270-1453 280 King of Prussia Road Radnor, PA 19087 [email protected] May be considered attorney advertising in certain jurisdictions. Past results do not guarantee future outcomes.