Elissa

36.9K posts

@ElissaBeth

They say I'm an OG. Prev CTO at Yonex, CPTO Cointelegraph and Head of Product at Brave. Currently working on AI Security.

Joined February 2008
9.9K Following, 12.3K Followers

Elissa @ElissaBeth
@galnagli Important point that each compromise only empowers the hackers with more data to do it again.

Elissa @ElissaBeth
@ericgeller This is a very strong move but it's warranted.

Eric Geller @ericgeller
The FCC today updated its list of products that can't be sold in the U.S. to include *all* consumer routers made in foreign countries. It's a big but potentially disruptive move to limit supply-chain security risks to U.S. networks. docs.fcc.gov/public/attachm…

Elissa @ElissaBeth
@ZackKorman These AI security platforms were all rushed to market.

Zack Korman @ZackKorman
NVIDIA fixed NemoClaw to "prevent the sandboxed AI agent from modifying gateway security settings (openclaw.json)" Except it didn't work. The AI can just make a copy of the settings and restart pointing at that new config. Same result. They're really struggling with the basics.

Elissa retweeted
sarah guo @saranormous
any nontechnical folks want to get more comfortable/powerful in their use of AI and want to be a beta user on something I made?

Elissa @ElissaBeth
@vxunderground I'm not mad but it's just stale content. I expect something more technical or fresh for BSidesSF. No one wants gender discourse at a security event in 2026.

vx-underground @vxunderground
Meanwhile in San Francisco:

Elissa @ElissaBeth
When I first saw this, I was nervous that an official rep from NVIDIA said this. It's more than just communicating. I'm over here trying to make sense of the different agent security platforms. There is a new one every day, all full of promises. I appreciate info like this on where they are vulnerable, and what those vulnerabilities suggest about the overall security posture.

Zack Korman @ZackKorman
@ElissaBeth Yea that too. I am communicating. I didn’t know that was bad

Zack Korman @ZackKorman
I can’t believe someone told me to send patches not tweets about THE LARGEST COMPANY IN THE WORLD. Nvidia chose to use security as a marketing gimmick while not putting in the work. The issue I found was trivial. I’m not rewarding that by fixing it for them.

Elissa @ElissaBeth
There are so many people who don't care. That's very real. But being a security and privacy advocate means that we represent all the people who do care but aren't loud about it. Also, as you suggest, maybe this will be bad. Seems worthwhile to keep our eyes open, and also try to build something better.

Matthew Green @matthew_d_green
One rebuttal to this is: who cares! Maybe this is just how the world will work now. We can even build models that track and advertise to you “privately” meaning they read all your confidential data and just use it to sell you the right soap. Is that so bad?

Matthew Green @matthew_d_green
I want to continue a bit on this subject, which (so far) I see very little concern about. There are vast stores of private data that we’ve built up in various places, including messaging apps. A real “killer app” for Gen AI is to ingest them and turn that data into revenue.

Elissa retweeted
@·
New York is about to make a $28.5B mistake #QSBS NY Senate Bill S8921 would tax startup gains that are tax-free federally and in most states. Retroactive to Jan 1, 2025. The data on what's at stake: 1. $28.5B in NYC VC investment in 2024 (2nd in the US) 2. $174.5B in startup

nihal @nihalmehta
New York is about to make a massive mistake. The NY State Senate is advancing a proposal to decouple from federal QSBS (Section 1202) — the tax provision that lets startup founders exclude gains on qualifying exits. If this passes, founders would owe 10-13% in combined state and city tax on exits that are tax-free at the federal level and in nearly every other major tech state. Even worse: it's retroactive to January 1, 2025. This comes right as the federal government just expanded QSBS benefits and New Jersey moved to full conformity. New York wants to go in the opposite direction. As a seed investor in NYC who has backed hundreds of companies, I can tell you: founders are mobile. If New York becomes one of the most punitive states for startup exits, the best founders will simply build somewhere else — and the jobs, tax revenue, and innovation will follow. NYC has built something special over the last two decades. This proposal puts it all at risk for a short-sighted revenue grab. If you're a founder, investor, or anyone who cares about the NYC tech ecosystem — please sign the TechNYC open letter before Monday below 👇🏾👇🏾👇🏾 Keep building, NYC 🗽

Elissa @ElissaBeth
@ZackKorman Yeah, the AI doing weird stuff on its own is definitely the core use case.

Zack Korman @ZackKorman
@ElissaBeth Yep! Also sometimes none of that is needed. Sometimes ai just does weird stuff on its own just to solve some problem

Zack Korman @ZackKorman
NVIDIA Nemoclaw's security is worse than I expected. The AI can modify its own config to bypass security controls. I asked it to accept websocket connections from any origin and change its token to something trivial (123). Now any site I visit can give instructions to my bot.

Elissa @ElissaBeth
A hacker can also infiltrate your "zero trust" perimeter and tell it to do dumb things. This is often lost in the security discussions but it's not an obscure edge case. It's not that hard these days for a hacker, or whoever, to get inside systems and it's also possible to steal credentials.

Zack Korman @ZackKorman
To avoid confusion here: Yes, this is me telling the ai to do the dumb thing. But the point is that if I can tell it to do that, it also might do it on its own, or it might ingest some injection that tricks it to do this. You don’t want your “secure” ai agent to be able to open you up like this.

Elissa @ElissaBeth
@ohryansbelt Gotta watch that supply chain. Good work by DeepDelver but a very large number of people had eyes on this company and noticed or said nothing

Ryan @ohryansbelt
Delve, a YC-backed compliance startup that raised $32 million, has been accused of systematically faking SOC 2, ISO 27001, HIPAA, and GDPR compliance reports for hundreds of clients.

According to a detailed Substack investigation by DeepDelver, a leaked Google spreadsheet containing links to hundreds of confidential draft audit reports revealed that Delve generates auditor conclusions before any auditor reviews evidence, uses the same template across 99.8% of reports, and relies on Indian certification mills operating through empty US shells instead of the "US-based CPA firms" they advertise.

Here's the breakdown:

> 493 out of 494 leaked SOC 2 reports allegedly contain identical boilerplate text, including the same grammatical errors and nonsensical sentences, with only a company name, logo, org chart, and signature swapped in
> Auditor conclusions and test procedures are reportedly pre-written in draft reports before clients even provide their company description, which would violate AICPA independence rules requiring auditors to independently design tests and form conclusions
> All 259 Type II reports claim zero security incidents, zero personnel changes, zero customer terminations, and zero cyber incidents during the observation period, with identical "unable to test" conclusions across every client
> Delve's "US-based auditors" are actually Accorp and Gradient, described as Indian certification mills operating through US shell entities. 99%+ of clients reportedly went through one of these two firms over the past 6 months
> The platform allegedly publishes fully populated trust pages claiming vulnerability scanning, pentesting, and data recovery simulations before any compliance work has been done
> Delve pre-fabricates board meeting minutes, risk assessments, security incident simulations, and employee evidence that clients can adopt with a single click, according to the author
> Most "integrations" are just containers for manual screenshots with no actual API connections. The author describes the platform as a "SOC 2 template pack with a thin SaaS wrapper"
> When the leak was exposed, CEO Karun Kaushik emailed clients calling the allegations "falsified claims" from an "AI-generated email" and stated no sensitive data was accessed, while the reports themselves contained private signatures and confidential architecture diagrams
> Companies relying on these reports could face criminal liability under HIPAA and fines up to 4% of global revenue under GDPR for compliance violations they believed were resolved
> When clients threaten to leave, Delve reportedly pairs them with an external vCISO for manual off-platform work, which the author argues proves their own platform can't deliver real compliance
> Delve's sales price dropped from $15,000 to $6,000 with ISO 27001 and a penetration test thrown in when a client mentioned considering a competitor

erin griffith @eringriffith

A detailed and brutal look at the tactics of buzzy AI compliance startup Delve "Delve built a machine designed to make clients complicit without their knowledge, to manufacture plausible deniability while producing exactly the opposite." substack.com/home/post/p-19…


Matthew Green @matthew_d_green
A lot of people think the solution to “private AIs” is to just TEEs. This is already the approach being deployed by Meta, Apple and Google. I think that’s important, but not really a solution. The problem is that for agentic AI, agents need to interact with the real world.

Elissa @ElissaBeth
@0xMatt This is a very good PSA

Matt Linton @0xMatt
Confused that you have strong DKIM/DMARC rules & configured SPF, yet people are still spoofing your CEO's mail in fraud attempts? This may be because you included Salesforce, Mailchimp, or other SaaS in your SPF. Abusers can use free/fraudulent accounts there to spam "as" you.

Elissa @ElissaBeth
Yeshiva World News was just hacked by Iran, and its homepage replaced with an ugly message. If you believe you or your team is at risk of a cyber attack from Iran, please get in touch. I'm working with a large Jewish non-profit today to establish both basic and advanced security protocols. Happy to help you as well.

Elissa @ElissaBeth
@smolotnikov I like this a lot. I don't see a link to try it out - is it available to the public?

Steven Molotnikov @smolotnikov
If AI is going to participate in our thinking, we need to build systems that keep humans in charge of the important choices. I built Priori, an interface for human-AI collaboration, toward that goal last year.

Elissa @ElissaBeth
@michaelxbloch I agree with this. We're now asking engineers to produce significantly more work. The best engineers will gravitate towards the best offers. (Comp isn't the only aspect but it does matter.)