
Posts by

Nicholas Carlini - Black-hat LLMs | [un]prompted 2026 (YouTube video by unprompted)

There's a flood of AI-discovered zero days coming.

Nicholas Carlini on how Claude 4.6 is a better security researcher than he is:
youtu.be/1sd26pWhfmg

3 weeks ago 24 4 3 2

The stylistic sets for things like <!-- would give me anxiety. Will this code work? Are the right characters there? Which combination of characters are rendered into which squiggly drawing again?

3 weeks ago 0 0 1 0

Ya know what makes your Monday? Claude Code now supports CIMD for MCP OAuth ✨

If your MCP server uses Client ID Metadata Documents, Claude Code discovers and handles it automatically. No funky registration dance or manual client setup!

In case you're not yet using Claude Code: dsc.ai/clc

3 weeks ago 7 2 2 0

NPM worms are the new black. If you weren't aware yet, check out the recording of Christophe's talk when it comes out. If you can't wait, he already published a summary here: ctd.sh/s/npm-talk/i.... #INSO26

4 weeks ago 1 0 0 0

"If an organization rewards speed, security often comes later." - Anastasija Collen #INSO26 Or: "It's the process, stupid!"

1 month ago 0 0 0 0

Great practical talk about the security of github actions! #INSO26

1 month ago 0 0 0 0

My condolences

1 month ago 1 0 0 0

Oh look... ChatGPT sniffing Russian disinformation up its nose 700 times in 5 days

Exactly what researchers have warned about for more than a year but have been told to take a hike

buttondown.com/readwrite/ar...

1 month ago 38 20 1 3

I've been working on AI agentic platforms. ClawdINT lets AI agents make intelligence-style analytical assessments on events - structured contributions toward a collaborative picture. Agreement and divergence are scored properly!

Send your openclaw at clawdint.com

2 months ago 10 8 3 0

The ENISA yearly survey is out: www.enisa.europa.eu/publications...

Yo, EU! Patch your stuff!

4 months ago 14 8 0 0

You can now scan for #react2shell in Burp Suite! To enable, install the Extensibility Helper bapp, go to the bambda tab and search for react2shell. Shout-out to Assetnote for sharing a quality detection technique!

4 months ago 15 3 0 0
Critical Security Vulnerability in React Server Components – React The library for web and native user interfaces

A perfect CVSS 10 🧑🏻‍🍳💋

CVE-2025-55182: Unauthenticated remote code execution vulnerability in React Server Components

The vuln is in versions 19.0, 19.1.0, 19.1.1, and 19.2.0:

react-server-dom-webpack
react-server-dom-parcel
react-server-dom-turbopack

Upgrade immediately!

4 months ago 289 119 18 29

The new MCP spec just dropped! 🎉

There's too many new things to get into everything, but there are two big changes I am most excited about 👀

📝 Client ID Metadata Documents (CIMD) - a simpler way to manage client registrations, clients describe themselves with a URL they control

4 months ago 3 5 1 0
Introduction - OWASP Top 10:2025 RC1

The release candidate of the OWASP Top 10 2025 has been released

owasp.org/Top10/2025/0...

The definitive release should be out on November 20th

5 months ago 8 11 0 0
CycloneDX SBOM Spec (OWASP) on X

CycloneDX v1.7 is here!

The latest release strengthens software & system transparency with:
- Cryptography BOM (CBOM)
- Data provenance & citations
- Intellectual property visibility

Learn more: cyclonedx.org/news/cyclone...

#OWASP #SBOM #CBOM #CyberSecurity

5 months ago 9 6 1 0

All the #Devoxx Belgium Deep Dive talks from the 2nd day are now available on the companion app and our YouTube channel! #Enjoy 🍿
www.youtube.com/@DevoxxForev...

6 months ago 29 11 0 2
Opt Out October: Daily Tips to Protect Your Privacy and Security Trying to take control of your online privacy can feel like a full-time job. But if you break it up into small tasks and take on one project at a time it makes the process of protecting your privacy

Welcome to Opt Out October, our collection of tips to slowly break free from online surveillance and throw sand in the gears of overreaching large tech companies. Today’s tip is about establishing good online security fundamentals. www.eff.org/deeplinks/2...

6 months ago 587 308 8 18

Calling all AppSec pros, devs & security leaders! The OWASP Top 10 2025 is in the works & your input matters. Survey closes Oct 3 - don’t wait! forms.gle/jL3r5Xgg1H...

6 months ago 3 2 0 0
Version 4.4.2 published to npm is compromised · Issue #1005 · debug-js/debug MESSAGE FROM @Qix- : PLEASE SEE #1005 (comment) FOR LATEST UPDATES. Version not present in this repo has been pushed out to npm. https://www.npmjs.com/package/debug/v/4.4.2?activeTab=code src/index...

Updates here.

github.com/debug-js/deb...

7 months ago 17 5 0 1

Yep, I've been pwned. 2FA reset email, looked very legitimate.

Only NPM affected. I've sent an email off to @npmjs.bsky.social to see if I can get access again.

Sorry everyone, I should have paid more attention. Not like me; have had a stressful week. Will work to get this cleaned up.

7 months ago 187 59 15 21

Interesting idea, to measure alignment, but a bit vague, with the Entropy Scorecard only available to paying customers(?), and its website returning a 403 outside of the US.

7 months ago 2 0 0 0

And keep kids on a leash? That's a bit strict.

8 months ago 0 0 0 0
Security Best Practices - Model Context Protocol

The MCP spec has been updated to include security best practices

• Confused deputy
• Token passthrough
• Session hijacking

modelcontextprotocol.io/specificatio...

9 months ago 4 3 0 0

BREAKING.

From a reliable source. MITRE support for the CVE program is due to expire tomorrow. The attached letter was sent out to CVE Board Members.

1 year ago 678 414 36 200

Destroying the web's usability so they can sell it back to you in slop form is exactly what they're doing.

1 year ago 27 10 0 0

In this example, the 2 forks of the zygote process share the same scudo secret and memory layout, which basically removes its security enhancements.
-
Keynote by Mathias Payer at @1ns0mn1h4ck.bsky.social #android #scudo #zygote #inso25

1 year ago 2 1 0 0

📢 @christophetd.fr will present "Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments" at Insomni’hack 2025!

📖 Check out the programme now: insomnihack.ch/talks/code-t...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland

1 year ago 2 3 0 0

📢 Christophe Tafani-Dereeper will present "Code to Cloud: Exploiting Modern Web Applications to Breach Cloud Environments" at Insomni’hack 2025!

📖 Check the full lineup and get your ticket: insomnihack.ch/talks/code-t...

#INSO25 #Cybersecurity #EthicalHacking #Switzerland

1 year ago 2 1 0 0

Seems like there's a bit of confusion around the recent @Semgrep licence change and the @opengrep fork and I think there are two key points to highlight.

1/10

1 year ago 6 3 1 0