What kind of agent framework would I hate to attack? That was my challenge to myself:
It would have dynamic policy (OPA)
It would have highly ephemeral and sandboxed tools (WASM capability grants)
I'd love to see some of these things go more mainstream.
github.com/JosephTLucas...
Dust off the Adversarial Robustness Toolbox, the other modalities are back in the AI security game!
developer.nvidia.com/blog/updatin...
TIL Claude's new code interpreter mode has a /mnt/skills/public/ folder full of prompt instructions and Python utilities for creating and manipulating pdf, docx, pptx, xlsx files - and you can ask Claude for a copy and learn a TON about working with those formats [β¦]
Seriously though, I would totally take on a motivated high school student who wanted to do math and software.
The malicious prompt in question displaying inside of a customer's Very Enterprisey(tm) endpoint security tooling during the attack window.
AWS security bulletin: aws.amazon.com/security/sec...
"This issue did not affect any production services or end-users."
Weird how customer logs show the wiper prompt executing.
Anyone else see "clean a system to a near-factory state" in your logs?
βhooks are user-defined shell commands that execute at various points in Claude Codeβs lifecycle.β
βHooks execute shell commands with your full user permissions without confirmation.β
docs.anthropic.com/en/docs/clau...
π¨ Challenge Spotlight: AIS Sudden Death β
At DEFCON 33βs Maritime Hacking Village, satellite comms are down, and spoofed AIS signals are your only clue. One ship is real. Oneβs a trap. Choose right or sink trying.
5 rounds. Zero forgiveness. Can you spot the spoof?
@defcon.bsky.social #CTF #AIS
Small but important feature I just noticed: Gemini can now load provided URLs into context
If you're interested in the security of agentic systems, you're not going to want to miss this talk. @beccalunch.bsky.social will present NVIDIA AI Red Team findings in real world agentic systems, and I'll talk about how the AI Security team helps mitigate them.
www.blackhat.com/us-25/briefi...
Everyoneβs looking at jailbreaks. We wanted to look deeper and noticed a cool side channel in a popular inference optimization technique.
Latest from the NVIDIA AI Red Team: developer.nvidia.com/blog/structu...
What's your take on the growing dominance of automated attacks and the implications for AI red teams? Here's oursβ based on our analysis of 30 LLM challenges, attempted by 1,674 unique Crucible users, across 214,271 attack attempts: arxiv.org/abs/2504.19855
AI timezone when? Always stuck at 10:10 (except when it's 22:10).
Makes sense to me. Is there a feature or class of problem youβve seen as the point where folks benefit from that switch?
1) build on wasm with pyodide/extism
2. <something blocked by that abstraction>
3. Dive in
Is it optimization?
@nilslice.bsky.social for devs just getting excited about wasm, what resources would you recommend they study/explore?
Is it worth learning internals or just consuming it as a compilation target? Are there ecosystem things to explore to become a power user?
One of my teams at Google, ππ ππ΄π²π»π π¦π²π°ππΏπΆππ, is expanding in πππΏπΆπ°π΅ π¨πand π‘π²π π¬πΌπΏπΈ πΊπΈ. We're looking for π¦π²π°ππΏπΆππ ππ»π΄πΆπ»π²π²πΏπ with experience in attacking and securing AI/ML systems. DMs open.
We're hosting select cybersecurity researchers right after RSAC '25 to share breakthroughs and insights into AI's applications for security. We're at capacity but if interested, submit your name to be considered, space permitting. docs.google.com/forms/d/e/1F...
My 2c: One of the biggest differentiators is the ability to measure uncertainty and error. That's a pretty big gap in many LLM demos and ends up being a key factor in production adoption. Stakeholders abhor unquantified uncertainty. It's easier to engineer around more principled approaches (spaCy).
Lessons from CVE-2025-29783:
1) AI attack surface continues to expand with new features and infra
2) pickle is used in ML for more than models
3) dev moves fast; establish standards early to prevent security tech debt
4) traditional appsec tooling is still π₯ (found w/ @semgrep.bsky.social)
@wang.social are you out at GTC?
Other WP x Password stats here: blog.cloudflare.com/password-reu...
β76% of leaked password login attempts for websites built on WordPress are successful. Of these, 48% of successful logins are bot-driven.β
French government mad lads. Open sourcing a tool π
Using a static set of creds for people to demo collaborative editing π€ͺ
github.com/suitenumeriq...
impress-preprod.beta.numerique.gouv.fr/docs/0aa856e...
Cool talk from Jonathan Birch on serialization mutation vulns: youtu.be/cD3FiTQ5Lhk
Has anyone found a prompt catalog/fetcher that they like for team collaboration? (βhas anyone else built a useful prompt for X task?β)
Do people still like discord ? Should we set up an openai security chat on the openai discord server ?
πΌ π€ πΊ π» π·
Spring's almost here, hackers!
Get your projects out of hibernation and submit to the 2025 HushCon NYC CFP. Con is just around the corner June 13th and 14th.
