Jimmy Astle

lmao I can't stop laughing claude-code has a "Frustrated User Detection" There's a regex that detects when you're angry ( fully hard coded btw) When triggered, it changes Claude's behavior/UI state. Claude literally knows when you're cussing at it.

@logangraham This is awesome

We didn't do anything too fancy. Probably the key thing for us was using task verifiers to let the model verify whether it had achieved the goal (e.g. a crash, or correctly builds post-patch) Just believe in the power of the models, give them tools to use, and walk away!

Back in ~November, our team picked a stretch goal of seeing if we could find and fix vulnerabilities in Firefox with Opus 4.6. In 2 weeks, we found 22, and ~1/5th of all high severity CVEs in a year. For our team, this feels like a rubicon moment.

@altcap @TrumpAccounts @dkhos @InvestAmerica24 Why this over a 529? Genuinely curious from a big finance brain like yours.

Have a child under 18? Claim their Invest America | @TrumpAccounts NOW as millions have already done - start them on their investing journey. 🇺🇸🚀 @dkhos form.trumpaccounts.gov

"Offense and defense aren't peers. Defense is offense's child." - @JohnLaTwC We built an LLM-powered AMSI provider and paired it against a red team agent. Then, @0xdab0 wrote a blog about it: dreadnode.io/blog/llm-power… A few observations from the experiment: >>> To advance, we must generate unique, ground-truth datasets. >>> Defenses will need to live at the edge. >>> The real potential lies in the interaction between red and blue. >>> This is a blueprint for generative adversarial reinforcement learning.

@ItsReallyNick Big fan of ipqualityscore.com They offer enrichments for IPs, domains, phone numbers, emails, domains, URLs all in one place.

i use spur.us daily (and have for the past 3+ years) just an appreciation post for their context service haven't seen others able to reliably pinpoint exact VPN providers in real-time. are there any similar/better services i should be using?

@TurtleboyTweets @ianmiles Giant POS

A Melrose teacher posted a Veteran's Day message on IG yesterday saying that he hopes that Veterans who voted for Trump "are filled with tears and PTSD." He also made another post calling anyone who voted for Trump racist, subhuman "filth”: @ianmiles tbdailynews.com/melrose-high-s…

Absolutely killer research by Matt Graeber on the @redcanary blog this week about compromising (and defending) Azure OpenAI resources. redcanary.com/blog/threat-de…

We analyzed @redcanary detection data from the first half of 2024 to produce a Threat Detection Report midyear update focusing on a trend (identities) and a few emergent threats and techniques. Useful insight for everyone from the SOC to the CISO's office: redcanary.com/threat-detecti…

@Snowden How’s Russia?

If it were iPhones that were leaving the factory with explosives inside, the media would be a hell of a lot faster to cotton on to what a horrific precedent has been set today. Nothing can justify this. It's a crime. A crime. And everyone in the world is less safe for it.

.@Scott_Wiener continues to falsely claim narrow opposition to SB 1047. When in reality there is massive public outcry across research, academic, public and private business and finance. Here is a mega roundup of recent announcements that fully debunk the Senator's claims 🧵

@RadPowerBikes @GlenDunlap_ How’s the build quality on your bike? Took mine for its first ride and the rear wheel broke and bent spokes. @RadPowerBikes support was not very helpful and I’m told the replacement parts are out of stock with not eta…

@GlenDunlap_ WOW! 😍 🙌 🚴

I was just informed that it’s now out of stock with no eta on a replacement part

@RadPowerBikes I took my new RadWagon 5 out for its first ride and a spoke broke immediately. 😔 Further inspection revealed more loose and bent spokes. Customer support couldn't expedite a replacement rear wheel. I need assistance ASAP. Thanks!

An important question looms in the infosec conversation about AI: Will generative AI tools better benefit defenders or adversaries? Lifted from the trends section of our 2024 Threat Detection Report, here’s how we score the fight redcanary.com/threat-detecti…

@jamieantisocial Glad you are enjoying that section. Brian and I spent a good amount of time focusing on the so what here :)

'It’s probably true that sophisticated state-backed adversaries are leveraging GenAI in sophisticated and hard-to-predict ways, but these are fringe threats that most organizations will never encounter...'🧘‍♀️🧘‍♀️🧘‍♀️ redcanary.com/threat-detecti…

Great news, everyone! @redcanary's 2024 Threat Detection Report is officially live! I've read it three times, and it's our best yet. Every section is worth your time, but I'm going to post my personal highlights in the thread. redcanary.com/threat-detecti…

Can GenAI improve security operations? Our GenAI lead @AstleJimmy examines the foundations of GenAI success and how we at Red Canary use GenAI in our security operations workflows. redcanary.com/blog/genai-sec…

This is interesting research that's worth reading. I'd encourage readers to also consider what's NOT here - these groups didn't use LLMs to make new malware or find zero-days. They used them to help research and write scripts. I'm not panicking about this...

Amazon has an overwhelming number of interconnected security and identity products for AWS. A handful of us at @redcanary tried to make sense of the madness by writing a visibility and observability guide with collection tips for logging and detection. redcanary.com/resources/guid…

This Wednesday - join some smart peeps to learn more about common AWS and Azure techniques! Spoiler alert: yes, T1078.004: Cloud Accounts will make an appearance. 😀 redcanary.com/resources/webi…