Bernhard Mueller

AI Research Lead at Sherlock

United States
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
award
Top expert inComprehensive Cybersecurity and DevSecOps Practices
Bernhard Mueller is an offensive security researcher and AI research lead with over two decades of experience discovering and responsibly disclosing critical zero-day vulnerabilities across mobile, desktop, and web3 ecosystems. He authored the initial OWASP MASVS and substantially contributed to the OWASP Mobile App Security Testing Guide, shaping industry standards for mobile security testing. In 2017 he created Mythril, a widely adopted symbolic execution tool for EVM bytecode, and later joined ConsenSys Diligence as a smart contract auditor working with leading DeFi projects. After a sabbatical, he returned as an independent web3 security researcher focusing on niche protocols and now leads AI research efforts at Sherlock while contributing to Spearbit Labs. His background blends deep hands-on exploit development, fuzzing, and reverse engineering with practical security program leadership and due diligence for investors. Known for translating advanced vulnerability research into usable tools and standards, he combines academic rigor with a hacker’s curiosity—aptly hinted by his GitHub bio’s playful logical formula.
code11 years of coding experience
job10 years of employment as a software developer
bookDI (FH) Telecommunications, DI (FH) Telecommunications at FH St. Pölten – University of Applied Sciences
github-logo-circle

Github Skills (13)

smart-contracts10
vulnerabilities10
mobile-security10
security-vulnerability10
solidity10
ios10
reverse-engineering10
ethereum10
vulnerability10
security10
test-driven-design9
objective-c8
swift7

Programming languages (13)

C++CSSCTeXHTMLPostScriptTypeScriptShell

Github contributions (5)

github-logo-circle
OWASP/owasp-mastg

Oct 2016 - Dec 2017

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
Role in this project:
userMobile Developer (iOS)
Contributions:1 release, 1012 commits, 420 PRs in 1 year 2 months
Contributions summary:Bernhard's commits focus on adding content and features to the iOS-specific section of the Mobile Application Security Testing Guide (MASTG). The contributions include adding a table of contents for reverse engineering of Android chapters, content related to iOS jailbreaks, and updates to iOS-specific content. The user added and updated iOS crackme exercises to illustrate security concepts.
testing-cryptographymobile-appmstgengineeringios
Smart Contract Weakness Classification and Test Cases
Role in this project:
userSecurity Engineer
Contributions:69 commits, 45 PRs, 57 pushes in 1 year 6 months
Contributions summary:Bernhard contributed to the smart contract security registry by adding test cases related to common vulnerabilities and best practices. Their work included adding benchmarks for visibility functions and integer overflows, highlighting potential issues in Solidity code. They also incorporated real-world samples like Rubixi and BECToken, expanding the repository's coverage of security concerns and demonstrating an understanding of common smart contract patterns. Further, they added test cases focusing on unchecked return values and re-entrancy attacks.
casesweaknesssmart-contractethereumsecurity
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Bernhard Mueller - AI Research Lead at Sherlock