Yes, the differences are substantial.
It's also worth noting that although some speedrunning may be akin to vulnerability research, the vast majority of speedrunners are "only" practicing and replicating exploits demonstrated by others. They're in different columns.
Also speedrunners are really bad historians. Their documentation is usually loose google docs links, placed on a discord channel. IF that sounds like there's little to none versioning and little to none searchability - precisely.
I am reminded of the top Super Mario players all congregating for a run on GDQ, only for a complete random fan to come to them and ask "So... if you were all stuck trying to optimize this one pipelfor over half a decade... Why didn't any of you just do the Devil's Spell?"
To which the speedrunner's reaction is: "Wtf is the Devil's Spell".
It happened to be a trick that was documented nearly 2 decades prior.
I was talking about red teaming a system. Red teaming a system is compared to a speedrunner attempting a run using known exploits. A security researcher is a speedrunner attempting to find new exploits.
Kind of, but even an average runner can experience a bug or refine a strategy through repeat practice, which they often share with the community through streamed runs or discords.
You tend to have certain people who are more interested in glitch finding and spend most of their focus on that over actually running the game. Then you have TAS runners (often overlap with glitch hunters) who make TAS-only runs to determine what the absolute limit is in a game. Finally, you have the remaining 95% of the community, runners grinding the game over and over.
Strategies from TAS often are repurposed by speedrunners, perhaps most famously in Mario 1 any%, where several strats used by top runners were once considered infeasible for humans.
Correct. TAS usually means to use a tool that lets them painstakingly play the game on a frame-by-frame basis (usually 1/60th of a second), each frame making the theoretically optimal input.