Security Rebel

LLMs are trained on how we speak, think, and feel. That means they can be manipulated just like people. Social engineering isn’t just a human weakness anymore, it’s also an AI vulnerability. Let’s break down how this happens.

Did I miss something, or is Claude Code suddenly all over X?

Creation starts with understanding failure. Secure code reviewers are built for the agentic era.

@darasoba This is a great piece, and I agree with the emphasis on the ethics. Responsible design and security must be baked into the foundation of how we build and guide AI systems, not something we duct-tape on at the end.

The designer’s playbook for designing AI products. medium.com/design-bootcam…

Reality is getting blurrier by the day

🤖 Hacken’s DevOps AI-Agent CTF is LIVE! Think you can outsmart an AI agent? Now’s your chance to prove it. Explore real AI agent attack surfaces. Solve red-team challenges. Compete for a $500 USDC prize. Whether you’re into offensive security or just curious about AI exploits – this one’s for you. ▫️ Capture the Flag until November 10 ▫️ Prize: 500 USDC ▫️ Hosted on: hackenlabs.com ▫️ Submit flags via: hackenlabs@proton.me 👉 Read the blog for full details and rules: hackenio.cc/ai-ctf Let the flag hunt begin.

For #CybersecurityAwarenessMonth, @5m477 moderated a panel on AI × Web3: how they intersect, what’s next, and where security must evolve. 1.5 hours of insights from leaders at @quranium_org, @NEARProtocol, @SecretNetwork, and Next Encrypt. Scroll down for more takeaways 👇

Holy shit. MIT just built an AI that can rewrite its own code to get smarter 🤯 It’s called SEAL (Self-Adapting Language Models). Instead of humans fine-tuning it, SEAL reads new info, rewrites it in its own words, and runs gradient updates on itself literally performing self-directed learning. The results? ✅ +40% boost in factual recall ✅ Outperforms GPT-4.1 using data it generated *itself* ✅ Learns new tasks without any human in the loop LLMs that finetune themselves are no longer sci-fi. We just entered the age of self-evolving models. Paper: jyopari. github. io/posts/seal

It’s #CybersecurityAwarenessMonth, and we’re diving headfirst into AI Security. Tomorrow’s panel’s set to break down on-chain AI. Together with pros from @NEARProtocol, @quranium_org, @SecretNetwork, and Next Encrypt, moderated by our AI Audits Lead @5m477. Register 👇

Is AI in Web3 an asset or an attack surface? For #CybersecurityAwarenessMonth, experts from Next Encrypt, @NEARProtocol, @quranium_org, and @SecretNetwork – moderated by @5m477 – dissect where AI lives in Web3. From DAOs to risk: all about securing AI on-chain. Register 👇

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6

Novel jailbreak discovered. Not only does OpenAi putting your name in the system prompt impact the way GPT responds, but it also opens the model up to a prompt INSERTION. Not injection. You can insert a trigger into the actual system prompt, which makes it nigh indefensible.

Free domains are cool, but they can also open the door to free phishing, malware, and brand fakes. Accessibility is great, but I hope security isn’t an afterthought. Anyways it’s open-source so…

Fix this: New Feature “COMING SOON”

I tested ChatGPT 5 and Grok 4 with same critical prompts. The results will blow your mind. ChatGPT 5 Vs. Grok 4 (Video demos are included)

we hijacked microsoft's copilot studio agents and got them to spill out their private knowledge, reveal their tools and let us use them to dump full crm records these are autonomous agents.. no human in the loop #DEFCON #BHUSA @tamirishaysh

Methodical input/output sanitization might just save your tech 🧼 Get into the nuances of AI safety with @5m477 --> youtu.be/9V80CCNjLOY

To quote @jerh17, 2025 so far is a wake-up call. Our experts, including @muststopye and @5m477, shared their insights with @euroweeklynews on the state and future of Web3 security. euroweeklynews.com/2025/07/24/web…

LLMs are the new attack surface 💣 Our latest podcast episode with @5m477 from @hackenclub goes deep into the hidden vulnerabilities in AI 🎥 Don’t build blind. Watch now. → youtu.be/9V80CCNjLOY

Security iseveryone’s job.
If you're loading AI models, you're deploying software. Treat it like code from the internet, because it is.

How to protect yourself:
Prefer safe formats like safetensors, ONNX, or GGUF
Never enable trust_remote_code unless you know what you're doing
Run new models in a sandbox first
Inspect scripts and loaders
Pin model versions and scan PRs

If you're using Ollama, LLM Studio, or downloading .pt, .pkl, or .safetensors files this thread is for you. Here's how attackers can turn models into malware… and how to protect yourself: AI models aren't "just data" anymore.