I am using the latest version of Bulletproof Security (0.48.8) with the latest version of WordPress (3.5.1).
Everytime I go to my website's WordPress login page (http://<site-url>/wp-login.php), I see an "ERROR: Invalid username" error on top of the login form (see image here: http://btenc7unnvpdjzve.zippykid.netdna-cdn.com/wp-content/uploads/2011/11/invalid-username.png ).
This happens even if I login from another computer from where my site hasn't been visited at all, nor is the login password stored.
The issue started after I enabled login security option that is now available within BPS itself. Looks like some bug in that piece of code.
NOTE: Earlier I was using Limit Login Attempts plugin for this purpose, and never faced this problem.