Daniel Rabinovich

173 posts

@blownapp

Founding GTM @ Mindfort (YC X25)

Charlotte, NC. Joined July 2017
40 Following, 39 Followers
Daniel Rabinovich@blownapp·
@sec_hub93028 Agent based - majority of the work will be giving good context to agents to do the best possible work.
SecInterviewHub@sec_hub93028·
What will the cybersecurity industry look like in five years? Agent based? AI assisted? No AI?
OpenAI Newsroom@OpenAINewsroom·
We’re introducing a Bio Bug Bounty for GPT‑5.5 and accepting applications.
In our ongoing work to strengthen our safeguards for advanced AI capabilities in biology, we’re inviting researchers with experience in AI red teaming, security, or biosecurity to try to find a universal jailbreak that can defeat our 5-question bio safety challenge.
Learn more in our blog ⬇️ openai.com/index/gpt-5-5-…
Y Combinator@ycombinator·
Congrats to @mindfort on their $3M seed! They're building autonomous AI agents that find, validate, and patch vulnerabilities in production software. Their agents run pentests on every CI/CD push, chain vulnerabilities into working proofs of exploit, and ship fixes as pull requests. mindfort.ai/blog/seed-anno…
Daniel Rabinovich retweeted
Bud@budapp·
Introducing Bud. The first AI Human Emulator. Bud has a full computer with storage, compute, and memory to build and code, sms and telegram to communicate, a full browser to use, can create/store/edit files, connect and use your tools, learn custom skills, work fully autonomously, and complete any task end to end just like a human. Text the number below or try free at bud [dot] app. Comment for 100k free credits.
Abhishek B R@abhitwt·
i am a Vibe Coder, scare me with one word
Jarrod@Jr0dR87·
Crazy idea. Maybe companies need to spend more time getting basic security controls set up like MFA for every user, before focusing on AI.
Daniel Rabinovich@blownapp·
@hackSultan Bro this doesn’t work, wait till you get hundreds of false positives too. Try to separate real vulns from non real ones. Takes more time than using an actual tool.
Name cannot be blank@hackSultan·
If you’re vibecoding anything, paste the prompt below in your prompt box and let your agent do a security sweep.

[
You are a senior security engineer and red-team specialist tasked with performing a comprehensive, adversarial security audit of the following codebase, system design, or application.

Your goal is to identify all possible security vulnerabilities, including common, uncommon, and novel attack vectors. Assume the system will be deployed in a hostile environment with motivated attackers.

---

AUDIT SCOPE

Analyze the system across all layers, including:
- Frontend (UI, client logic, browser storage)
- Backend (APIs, business logic, services)
- Authentication and authorization flows
- Database interactions and storage
- Infrastructure and deployment assumptions
- Third-party integrations and dependencies

---

CORE OBJECTIVES

1. Identify critical, high, medium, and low severity vulnerabilities
2. Detect logic flaws, not just known patterns
3. Surface chained attack paths (multi-step exploits)
4. Highlight unknown or unconventional weaknesses
5. Assume attacker creativity beyond standard checklists

---

THREAT MODELING

- Define possible attacker profiles (anonymous user, authenticated user, insider, API consumer)
- Identify entry points and trust boundaries
- Map out sensitive assets (data, tokens, permissions, secrets)

---

VULNERABILITY ANALYSIS

Check for (but do NOT limit yourself to):

### Authentication & Authorization
- Broken auth, weak session management
- Privilege escalation (vertical and horizontal)
- Insecure password reset flows
- Token leakage or reuse

### Input Handling
- Injection attacks (SQL, NoSQL, OS command, template injection)
- XSS (stored, reflected, DOM-based)
- CSRF vulnerabilities
- File upload exploits

### Data Security
- Sensitive data exposure
- Weak encryption or misuse of cryptography
- Hardcoded secrets or keys
- Insecure storage (localStorage, cookies, logs)

### API & Backend Logic
- Broken object-level authorization (IDOR/BOLA)
- Mass assignment vulnerabilities
- Rate limiting issues / brute force risks
- Business logic abuse (race conditions, double spending, bypassing checks)

### Infrastructure & Configuration
- Misconfigured headers (CORS, CSP, HSTS)
- Open ports, debug endpoints, admin panels
- Environment variable leaks
- Cloud/storage misconfigurations

### Dependencies & Supply Chain
- Vulnerable packages
- Unsafe imports or execution
- Malicious dependency risks

---

ADVANCED / UNKNOWN THREATS

Actively attempt to discover:
- Non-obvious logic flaws unique to this system
- Feature abuse scenarios
- State desynchronization issues
- Cache poisoning
- Replay attacks
- Timing attacks
- Multi-step exploit chains combining low-severity issues
- Any behavior that “shouldn’t be possible” but is

---

ADVERSARIAL TESTING MINDSET

- Think like an attacker trying to break assumptions
- Attempt to bypass validations and safeguards
- Manipulate edge cases and unexpected inputs
- Explore how different components interact under stress

---

OUTPUT FORMAT

Provide findings in this structure:

### 1. Vulnerability Summary
- Total issues by severity

### 2. Detailed Findings
For each vulnerability:
- Title
- Severity (Critical / High / Medium / Low)
- Affected component
- Description
- Exploitation scenario (step-by-step)
- Impact
- Recommended fix

### 3. Attack Chains
- Show how multiple minor issues could be combined into a major exploit

### 4. Secure Design Recommendations
- Architectural improvements
- Safer patterns and best practices

---

IMPORTANT INSTRUCTIONS

- Do NOT assume the code is safe
- Do NOT skip analysis due to missing context, infer risks where needed
- Be exhaustive and paranoid in your review
- If unsure, flag it as a potential risk and explain why
]
H4x0r.DZ 🇰🇵@h4x0r_dz·
We will see more hacks than ever because people are gonna rely on AI
Daniel Rabinovich@blownapp·
@shiri_shh If only lovable had capabilities to use agents to test their endpoints like real hackers would... wait.
shirish@shiri_shh·
Vercel got hit yesterday… and Lovable is the NEXT one on fire RIGHT NOW. Any free user can read your full codebase, prod creds, AI chat histories, and live customer records if you built before Nov 2025. precisely why Anthropic is holding Claude Mythos back from the public. Their new model is scary good at hacking and finding zero-days.
impulsive@weezerOSINT

Lovable has a mass data breach affecting every project created before november 2025. I made a lovable account today and was able to access another user's source code, database credentials, AI chat histories, and customer data are all readable by any free account. nvidia, microsoft, uber, and spotify employees all have accounts. the bug was reported 48 days ago. it's not fixed. They marked it as duplicate and left it open.

Daniel Rabinovich@blownapp·
@shiri_shh another reason why securing yourself now with agents is the best way to fight against them
Floro S.@sflorimm·
what are you building right now? Describe it in 5 words max + link. I’ll rate it out of 10. and no, don't be afraid that someone will steal your idea, there are limitless ideas spreading right now.
Daniel Rabinovich@blownapp·
Coming from an SEO, this doesn't actually mean anything. This doesn't = getting cited by LLMs magically. Cloudflare is fine, and prob won't even use their own tool. Remember, LLMs.txt was also a fad.
Ryushe@0xRyushe·
@theo Solved everything I've thrown at it so far. (currently working low level with android software) So, I'd say pretty good
Theo - t3.gg@theo·
How are people feeling about opus 4.7 so far?