Adam Dudley

178 posts


@AdamDudleyX

Building an open source MCP security scanner. VP & CoS at Nucleus Security. Vulnerability & exposure management, RBVM, AI in cybersecurity. Opinions are my own.

Sarasota, Florida · Joined February 2022
100 Following · 35 Followers
Pinned Tweet
Adam Dudley@AdamDudleyX·
“If a man does not know to what port he is steering, no wind is favorable to him.” - Seneca
Bojan Tunguz@tunguz·
Honestly, even if AI does not improve at all from now on, the capabilities it has right now would be enough to keep me occupied for the rest of my life with all the projects I have on my mind.
Adam Dudley@AdamDudleyX·
Breakdown of mcp-audit, my open source MCP security project, and what shipped in v0.8.0 this weekend. Early feedback from an AI security researcher on X: "the shadow + killchain combo is exactly what's needed right now. most teams have no idea how many MCP servers are actually running in their dev environments. nice work shipping this open source" medium.com/p/mcp-audit-wh…
Jeremie Strand@jeremie_strand·
@AdamDudleyX the shadow + killchain combo is exactly what's needed right now. most teams have no idea how many MCP servers are actually running in their dev environments. nice work shipping this open source
Adam Dudley@AdamDudleyX·
mcp-audit v0.8.0 ships four commands:
shadow → find every MCP server you didn't authorize
killchain → cut the most attack paths with the fewest changes
diff → security-aware PR reviews for MCP configs
snapshot → signed forensic exports for incident response
open source, no telemetry
Adam Dudley@AdamDudleyX·
mcp-audit v0.7.0. TypeScript SAST: 18→29 rules, 7 new categories — stack trace disclosure, credential logging, description poisoning, all-interfaces binding. Scoring weights now configurable via policy YAML. Registry at 75 known-good packages. github.com/adudley78/mcp-…
Adam Dudley@AdamDudleyX·
If you suspect your agent is missing key context for the most complete picture to provide the best possible help, ask it what's missing, and it will tell you.
Adam Dudley@AdamDudleyX·
@TheRealAdamG It does seem to be that, yes. Impressive how capable Codex is with tool use.
Adam.GPT@TheRealAdamG·
It's happened: Codex App > Claude Code/Cowork app.
Adam Dudley@AdamDudleyX·
mcp-audit v0.6.0. TypeScript SAST now covers path traversal, SQL injection, and SSRF — 7 new rules, 11→18 TS total. Plus Bearer auth for --connect and a real fleet dashboard to replace the old table output. github.com/adudley78/mcp-…
Adam Dudley retweeted
Nucleus Security@nucleussec·
Join Nucleus Security at Detect & Defend 2026. We’ll be in Fürstenfeld on May 6 connecting with cybersecurity leaders and sharing how to turn vulnerability data into clear, actionable risk decisions. If you’re attending, let’s connect.
Adam Dudley retweeted
Nucleus Security@nucleussec·
What can you know before CISA KEV? Explore the exploitability intelligence gap and how PoC, EPSS & AI reveal risk earlier than KEV listings. Join us May 6: hubs.la/Q04f3XYg0
Adam Dudley retweeted
Nucleus Security@nucleussec·
Public sector teams: turn vulnerability insight into impact. Join us + @Carahsoft May 12, 2PM EDT to cut noise, reduce backlog & prioritize real risk. 🎓 Earn 1 CPE 👉 hubs.la/Q04dWB5f0
Adam Dudley@AdamDudleyX·
IBM: "For the first time, response is the constraint, not discovery." In 2026? @nucleussec has solved for this since 2019. Kenna named the gap years earlier. Scanners have always outproduced human triage. Mythos didn't shift the constraint. It made it louder.
Adam Dudley@AdamDudleyX·
mcp-audit v0.5.1. The typosquatting scanner was flagging too many short package names. Tightened the threshold for ≤5 char names from 3 edits to 1. Real detections still fire. Noise doesn't. Also: Windows extension scanning + recursive fleet --dir. github.com/adudley78/mcp-…