Daniel Karistai
4.4K posts

@hackswithcoffee
hacker, recovering sysadmin turned security manager. Constantly wondering where my next coffee is going to come from. Bsky: https://t.co/jizrdQpZ0K
Nashville, TN. Joined January 2021
792 Following, 342 Followers
Daniel Karistai retweeted

👀 The first 700 people to buy tickets get an exclusive BSides Nashville challenge coin! Sneak peek: eventbrite.com/e/bsides-nashv…

Daniel Karistai retweeted

I respect that the leaked source code for the @claudeai client is protected by copyright.
But wouldn’t it be ok for me to train my LLM on it?
You know, fair use and all that.
Asking for a friend.
Daniel Karistai retweeted

🚨 BREAKING: OpenAI and Google are about to have a massive legal problem.
OpenAI, Google, and Anthropic have repeatedly sworn to courts that their models do not store exact copies of copyrighted books.
They claim their "safety training" prevents regurgitation.
Researchers just dropped a paper called "Alignment Whack-a-Mole" that proves otherwise.
They didn't use complex jailbreaks or malicious prompts.
They just took GPT-4o, Gemini, and DeepSeek, and fine-tuned them on a normal, benign task: expanding plot summaries into full text.
The safety guardrails instantly collapsed.
Without ever seeing the actual book text in the prompt, the models started spitting out exact, verbatim copies of copyrighted books.
Up to 90% of entire novels, word-for-word. Continuous passages exceeding 460 words at a time.
But here is the part that changes everything.
They fine-tuned a model exclusively on Haruki Murakami novels.
It didn't just learn Murakami. It unlocked the verbatim text of over 30 completely unrelated authors across different genres.
The AI wasn't learning the text during fine-tuning.
The text was already permanently trapped inside its weights from pre-training. The fine-tuning just turned off the filter.
It gets worse.
They tested models from three completely different tech giants. All three had memorized the exact same books, in the exact same spots.
A 90% overlap. It's a fundamental, industry-wide vulnerability.
For years, AI companies have argued in court that their models are just "learning patterns," not storing raw data.
This paper provides the smoking gun.


@cantcomputer Or burned out ones who do not care to get published anymore.

@HackingDave Is this the robot trying to say it’s tired of talking about it right now? 😂

@HackingDave Oh I had to remove anything coconut or vanilla scented in my home because somehow, some way, my damn boxer would get into it. 🤣

@sysadafterdark So, basically everyone but TP-Link will apply for and receive "conditional approval" to sell their new products?

The FCC has banned all foreign made consumer routers. fcc.gov/document/fcc-u…
Daniel Karistai retweeted

CISA published an advisory on endpoint hardening after Stryker. The RBAC guidance is solid. Multi Admin Approval for Intune is not a complete solution either.
An attacker with Global Admin can create the second approver account themselves. That is a five minute delay, not a defense.
What actually stops this: no standing GA roles, PIM with fresh FIDO2 at activation, and a session revocation circuit breaker that fires the moment bulk wipes start.
We have been on Handala/Stryker since March 12. Here is what CISA got right and what they missed.
threathunter.ai/blog/cisa-got-…
#Stryker #Handala #CISAAlert #IdentitySecurity #MDR
Daniel Karistai retweeted

@HackingDave When I considered turning my Mac mini into a little assistant, I could not define a personal use case that didn’t feel gimmicky or was just another reminder to set for myself. 🤷‍♂️

I still don’t understand the whole AI personal assistant thing. I’ve really tried - I don’t want to give AI access to emails, calendar.. I tried perplexity with a Mac mini - it was awful. Zero use that I can see.
What am I missing?
Claude is amazing - my mind to code is incredible.
This whole AI personal assistant that runs your workflows… I run multiple companies and already have pulse checks on it all.. just don’t see the need or any major gain.
Daniel Karistai retweeted

We’re excited to welcome @SentinelOne as a Silver Sponsor! 🎉 SentinelOne is a global leader in AI-native cybersecurity. Its Singularity™ Platform detects, prevents, and responds to cyberattacks at machine speed. Learn more at sentinelone.com
