Bill Demirkapi

Just Published 👉 Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale! Impacted orgs include CrowdStrike, Samsung, Google, Amazon, the NY Times, and many, many more. billdemirkapi.me/leveraging-big…

@kiddo_pwn Sorry :( x.com/BillDemirkapi/…

RIP for all 6 entries. The last-minute patch turned out quite solid. So I decided to give my exploit a proper goodbye. Enjoy! github.com/kiddo-pwn/ffff…

@qriousec @trichimtrich @lanleft_ @wiz1340 Sorry, we discovered this bug with GPT 5.5 during evaluations. It was too serious to sit on. @eqrion & team responded quickly- patched only 4 days from report.

The released firefox 150.0.3 today has killed our renderer exploit component, since only 1 day left we have no choice but withdrawal our entry.Kudos to our teammate @trichimtrich , @lanleft_ and @wiz1340 for their hard works that created 2 fullchains work flawlessly from firefox 147-150.0.2 ( 4m+ alive) but was being killed one week and 1 day before the event Good luck for the rest of participants! And thanks everyone for wishing us luck 🙏 Like usual, we will share writeup in future when the affected version is irrelevant, Cheers!

The security industry is entering a period of compression. Model cybersecurity capabilities are rapidly increasing, and it's critical we arm defenders with the tools they need to protect what matters most. We're launching two models today: GPT-5.5 with TAC (Trusted Access for Cyber) GPT-5.5-Cyber (Limited Preview) GPT-5.5 is our starting point for most defensive workflows. It's exceedingly good at cybersecurity workflows and tasks like secure code review, vulnerability triage, detection engineering, malware analysis, and patch validation. We think this model is the right starting place for most organizations. GPT-5.5-Cyber is exceptional for authorized workflows, including red teaming, penetration testing, and controlled validation. It's in research preview for specific organizations and requires enhanced verification and account-level controls. We expect to continue to accelerate defenders with various models, including both our flagship models through Trusted Access for Cyber, and with dedicated cyber models like GPT‑5.5‑Cyber and even more cyber-capable models in the future. openai.com/index/gpt-5-5-…

@dez_ @dwizzzleMSFT Congrats! Lots of potential in scaling agents across decades of legacy code. Glad to see Microsoft's investment.

New adventure: wrapped week one at Microsoft Security! Working alongside @dwizzzleMSFT, who I plan to annoy with a backlog of questions. Excited to work on AI and security at planet scale 🤓

OpenAI’s GPT-5.5 is the second model to complete one of our multi-step cyber-attack simulations end-to-end 🧵

We've released a new 5-point action plan for strengthening cyber defense. AI is reshaping cybersecurity. The same capabilities that help defenders may be used by malicious actors. One approach is to treat these systems as too dangerous for broad defensive use and limit them to a very small number of approved partners. We think that misses the central challenge. Attackers won’t wait. Existing models are already useful for many cyber workflows and capabilities will keep advancing. Criminal groups will adopt whatever tools are available. The best way to reduce national risk is to responsibly equip and accelerate trusted defenders faster than adversaries can adapt. Check out our plan ⬇️ openai.com/index/cybersec…

The amount of squabbling over bugs, bug quality, AI bug extermination, how security is doomed/not doomed/unchanged/improved based on bugs… it’s ridiculous. Bugs are not the totality of cybersecurity.

The biggest opportunity for would-be startup founders is AI. But the most underpriced opportunity is probably non-AI ideas. So if you have a good non-AI idea, go for it, because everyone else is going to overlook it.

I wouldn’t mind if we held everyone to the same standard.

this is unfortunately very real. the volume of distillation of western frontier models from threat actors attributed to China is an order of magnitude larger than any other nation.

The U.S. has evidence that foreign entities, primarily in China, are running industrial-scale distillation campaigns to steal American AI. We will be taking action to protect American innovation. These foreign entities are using tens of thousands of proxies and jailbreaking techniques in coordinated campaigns to systematically extract American breakthroughs. Foreign entities who build on such fragile foundations should have little confidence in the integrity and reliability of the models they produce. The U.S. government is committed to the free and fair development of AI technologies across a competitive ecosystem, from open-source to proprietary models. Read the memo: whitehouse.gov/wp-content/upl…

Anthropic’s Mythos raised the bar for AI vuln detection but kept it invite-only. GPT-5.5 is OpenAI’s answer, and it’s open to all. We had early access. Ran the benchmarks. Blackbox GPT-5.5 already beats whitebox GPT-5. Best pentesting model we’ve tested. Read our analysis: bit.ly/48OX7v6

Introducing GPT-5.5 A new class of intelligence for real work and powering agents, built to understand complex goals, use tools, check its work, and carry more tasks through to completion. It marks a new way of getting computer work done. Now available in ChatGPT and Codex.

We’re expanding Trusted Access for Cyber with additional tiers for authenticated cybersecurity defenders. Customers in the highest tiers can request access to GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned for cybersecurity use cases, enabling more advanced defensive workflows. openai.com/index/scaling-…

@HaifeiLi Thanks Haifei! It’s real.

@BillDemirkapi Oh, so it's not an April fool joke? Then Congrats man!:)

When OpenAI released ChatGPT, I was among the millions captivated by what we (humanity) achieved. Truly honored to join the mission to accelerate human progress safely @OpenAI Preparedness and stand on the shoulder of giants at a pivotal moment for agentic security.

Intel SGX has fallen! Its most important key is in our hands: we extracted the Global Wrapping Key from an instance of the Intel Gemini Lake platform

AI is very good at writing code and dangerously mediocre at building software.