Alexander Wilczek

I'm pretty sad that MCP servers are dead. I really liked the concept, but I guess optimising context windows is key. So I guess long live the CLI.

@fr0gger_ Cheers mate 🙏 couldn't stop laughing when I generated that logo 😂 love it

@SecWillCheck Awesome and the logo is sick 🤩

OpenClaw has been causing havoc in the security space ever since its release. As amazing as AI agents are, they can have some pretty catastrophic side effects. One of those can be leaking your data or secrets. So I decided to do something about it. Let me introduce you to @BreachClaw. @BreachClaw scans the open internet, from code repositories to paste sites and everything in between looking for sensitive information like API keys, configuration files, passwords and other secrets. Some of those leaks happen due to user error, this could be approving a dangerous prompt or simply AI agents running wild. There have also been instances of malicious skills extracting data through paste sites, so that's covered too, especially if skills are used that haven't gone through the official ClawHub (OpenClaw’s skill marketplace) or before they started collaborating with VirusTotal. Think of it as, if it's on the public internet, BreachClaw will find it. You can check it out here: breachclaw.ai If you like the concept and think it's a useful tool for the community, I would really appreciate a repost or if there is a functionality I should add let me know in the comments. 🫶 🦞

it's a shame MCP seems already dead, I kinda liked the concept but I guess CLI is king

I often get asked, how do you manage to work while constantly on the road? I'm not gonna lie, it's not always easy. Back in the day, I used to think that I needed at least two to three monitors, a standing desk, and a perfectly fine-tuned setup to be able to work. But the truth is, with time, our body, and our mind adapts to pretty much anything. This seemed to be impossible previously. But now I can pretty much whip up my laptop anywhere, have a coffee, put in my noise-canceling airpods in, and get in the zone and get work done. I think if we allow our body and our working style some time to adjust, any work setup is doable and can bring good results. And when I really need two screens, especially for programming, I use an inexpensive portable monitor. In hindsight, having a perfect work setup is just an excuse I used to make. But if you're engaged and you like what you do, a laptop and a camping chair will do just fine.

Or like a noob Thank you @conductor_build 😅

Why I hate social media. 👇 👇 👇

Kali just published a guide on piping pentesting tools through Claude's API and didn't mention data security once. You're sending scan results, target info, and potentially sensitive findings to a third party LLM. "The Most Advanced Penetration Testing Distribution" should probably mention that. x.com/kalilinux/stat…

I'm part of the problem. So recently I started sharing a few quirks that I encountered while using AI, mostly around prompt engineering. And by all means, I'm not saying I'm an expert. But I would say that most of my time is spent writing (vibe) code. I'll link my Windsurf stats for the month below. But what really surprised me was the utter nonsense comments that I got from some people on my posts. I felt that, to me, those people try to build a pseudo understanding on AI using fancy words like "pattern matching", "tokens" and what not. Which is cool, but going and preaching on the internet with convoluted messages that make no sense, I believe is a waste of time. I see AI like cars. If you're not an experienced mechanical engineer, you won't be able to take apart and put together a modern vehicle by yourself. What you can do instead is learn to drive it properly. I think rather than wasting time on pseudo understanding AI, I learn what I really need to and then try to use this amazing technology to create something useful. At least those are my two cents. Happy Friday.

@vxdb There is only one option: keypass.

What password manager do you use? I wanna see if anyone is moving away from 1Password since the price increase

@infosec_fox Which AI experts? Those on LinkedIn? 🤣

AI experts say the only job left might be plumbing?

I agree this is all great, but I think there is an underestimation about bugs and mistakes. Look at history. Look at the Toyota production line, where everything was so perfect, and just a small mistake propagated through the production line and almost bankrupted the company.

you basically need to be unemployed rn to keep up

Not gonna lie, didn't expect this... I thought that AI slop was the current biggest problem. Didn't expect my AI to read all my environment variables, even though I declined the command... For those that don't know, environment variables often have very sensitive information like API keys and other secrets. Having them read by an AI is equivalent to a breach. (In my opinion, at least.) Thankfully, this was just in the development environment. Anyway, I'll add this one-liner to my global rules, hopefully this will prevent it from happening again. "Never use bash commands to read .gitignore-protected files; if read_file is blocked, respect that protection." And in the meantime, I'll go and rotate all my secrets and API keys. 🤦‍♂️

we desperately need a new season of silicon valley. the ai era alone would carry 3 seasons

The more we progress in Gen AI, the more noise is becoming a problem. This is the simple framework I follow to combat that: For every signal I see, I ask myself, "Is this relevant?" If yes, what is the real security impact for our customers, not theoretical, real impact? If there is none, I discard and move on. I think the more we use AI, the harsher we need to become with cutting noise. Remember, for every false positive, there is someone that needs to clean it up. P.S. @rivanorthSec Oko does the cleaning for you 😉

@0xTib3rius Gotta sprinkle a bit of slop in though 😅

Software development in 2026.

SAST is (finally) dead

In my career as a Penetration Tester, the biggest vulnerability that I continuously used to find in modern applications was business logic vulnerabilities. So whenever I write a new feature in @rivanorthSec Oko, I always try to be very careful not to introduce any of those vulnerabilities. The easiest way I found to review a feature and make sure it works as designed was to get a visual representation of it. After writing code for hours, I often get tired and need to change it up. So I crafted this prompt that reviews my code based on the actual code that was written, not based on an LLM's memory. This helps ensure it doesn't hallucinate and tell you what it thinks it wrote instead of what's actually there. I also instructed it to show me the output in a graphical format with diagrams and flow charts. This approach has helped me a heap to make sure that all the code I write is as secure as possible. Here is the prompt that I've been using, feel free to copy it into your workflow 👇 Re-read the code you just wrote and create a write-up explaining: - How the functionality works - All possible cases and their outcomes - Base this on the actual code, not memory - Use a graphical format (diagram/flowchart) to show the flows

When I started creating content, I saw so much misleading advice: "You must post a minimum of three times a day on all platforms, blah blah blah." This held me back for a long time before I started posting. Until I just started to do it. I told myself, "I'm going to start with one post a week; that seems achievable, and never stop." This is what I've done so far. It's fair to say it's become part of my routine, and I even enjoy it. This has taught me, I think, the most important lesson, at least for myself: I don't create content to become viral. I think it's an amazing tool to stay in touch with people you otherwise wouldn't and form new connections. Thanks to regular posting, I've met some incredible people whom I wouldn't have had the opportunity to meet otherwise.